This is the mail archive of the libc-help@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: getline() and size_t

From: Keisial <keisial at gmail dot com>
To: Michael Vaughn <mvaughn at wisc dot edu>
Cc: libc-help at sourceware dot org
Date: Tue, 04 May 2010 22:41:31 +0200
Subject: Re: getline() and size_t
References: <72309a9711714.4be018c0@wiscmail.wisc.edu>

Michael Vaughn wrote:
> Hello,
> I have an odd and somewhat dumb question. While using getline() for the first time, (with a pointer to NULL for lineptr), I accidentally passed int * instead of size_t* for the second argument. What was surprising to me is that this somehow causes corruption of the allocated heap data. When I go to free the buffer, I get the classic "double free or corruption" message and dump.
> I'm not entirely certain how the type mix-up could cause such wide-ranging issues when getline() goes to allocate the buffer, (especially considering I was using a positive 4-bit integer, and size_t is 8 bits so I wouldn't expect there to be, for example, a sign extension issue.)
>   
They are not 4-bit and 8-bit but 4 bytes and 8 bytes.

> Obviously, using int * is wrong, but I was wondering if anyone could clarify what goes on when I mix up size_t and int in this context. [For my peace of mind - something about a memory corruption issue that I don't fully understand, even if it is seemingly rectified worries me].
> Thank you for your patience,
>  Michael Vaughn
>   

You are mentioning the issue. You provide a 32bit number, getline reads
a 64bit number. When it goes to write 8 bytes there, 4 of them belong to
a different variable.

References:
- getline() and size_t
  - From: Michael Vaughn

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]