Bug 984 - strcpy(s,s+N) memory overflow error
Summary: strcpy(s,s+N) memory overflow error
Status: RESOLVED FIXED
Alias: None
Product: Anolis OS 7
Classification: Anolis OS
Component: BaseOS Packages
Version: 7.9
Hardware: All Linux
Importance: P3-Medium S3-normal
Target Milestone: ---
Assignee: yunqi-zwt
QA Contact: shuming
URL:
Whiteboard:
Keywords:
Duplicates: 983
Depends on:
Blocks:
 
Reported: 2022-04-27 15:52 UTC by wuyyyyuw
Modified: 2022-05-19 22:59 UTC
Description wuyyyyuw 2022-04-27 15:52:13 UTC
Description of problem:

We have a scenario in which C and C++ are used together. A call such as strcpy(ssrc,ssrc+7); results in memory corruption.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 wuyyyyuw 2022-04-27 16:29:40 UTC
  
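#include <string.h>

char* strchr_ex( const char* src, char ch )
{
	// GB18030 specifies that the first byte of a Chinese character is in 0x81-0xFE and the second byte is in 0x40-0x7E or 0x80-0xFE
	while(	*src != ch )
	{
		if ((unsigned char) *src > 0x80 && (unsigned char) *src < 0xFF )
		{
			// Truncated double-byte character at the end of the string: do not step past the terminator
			if( src[1] == '\0' )
				return NULL;
			src += 2;
			continue;
		}

		if(*src == '\0')
			return NULL;
		src++;
	}
	return (char*)src;
}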
	
	// Cut out a substring at the delimiter character
int cutsubstr_ex( char * sdest, int nsize, char *&ssrc, char cflag )
{
	char * ps = NULL;

	if( nsize < 1 || cflag == 0 )
		return 200;

	if( strlen(ssrc) == 0 )
	{
		*sdest = 0x00;
		return 1;
	}

	ps = strchr_ex( ssrc, cflag );

	if( ps == NULL )
	{
		if( (int)strlen(ssrc) < nsize )
		{
			strcpy( sdest, ssrc );
			*ssrc = 0x00;
		}
		else
			return 100;		
	}
	else
	{
		if( ps-ssrc < nsize )
		{
			memcpy( sdest, ssrc, ps-ssrc );
			sdest[ps-ssrc] = 0x00;
			
			strcpy( ssrc, ps+1 ); // the problem is here
			
		}
		else
			return 100;
	}	
	return 0;
}





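// kdt_vchar1024, kdt_int, KcpdUserLog, LOG_LEVEL_DEAULT_USER and sRowdata are not defined in this report
int main(){
	kdt_vchar1024	sFieldData;
	kdt_int         nSerno = 0;
	while(!cutsubstr_ex(sFieldData, sizeof(sFieldData), sRowdata, '|')){
	   KcpdUserLog(LOG_LEVEL_DEAULT_USER, "cutsubstr_ex[%s][%s]", sRowdata,sFieldData);
	}
	return 0;
}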
Comment 2 wuyyyyuw 2022-04-27 16:35:22 UTC
Physical machine kernel version:
Linux version 4.18.0-193.60.2.an8_2.x86_64 (mockbuild@anolis-build-01.openanolis.cn) (gcc version 8.3.1 20191121 (Anolis 8.3.1-5.0.1) (GCC)) #1 SMP Tue Aug 17 16:16:36 CST 2021

Docker image version: anolisos7.9
Comment 3 杨晓旋 uniontech_group 2022-05-19 22:55:58 UTC
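The strcpy function problem exists in all of the corresponding software versions of the 7 series, and the upstream community has the same problem. The direct cause is that strcpy produces misaligned output when copying long strings that include Chinese characters. The strcpy function in the package version has been fixed; the fix drops the original byte-by-byte copy and calls the memcpy function directly, copying all the bytes at the memory address directly. Handled this way, the misalignment does not occur. We recommend using memcpy for copying strings.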
Comment 4 杨晓旋 uniontech_group 2022-05-19 22:59:32 UTC
*** Bug 983 has been marked as a duplicate of this bug. ***
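
Added example, not code from the report or from the Anolis package: in C, strcpy and memcpy have undefined behaviour when source and destination overlap, which is the case for strcpy(ssrc, ps+1) in Comment 1, while memmove is defined for overlapping regions. find_delim and cut_field are hypothetical names; the return codes mirror the reporter's function and the sample row is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Find ch in a GB18030-style string. A lead byte 0x81..0xFE consumes the next
 * byte too, so a trail byte equal to ch (0x7C is '|') is not a delimiter. */
static char *find_delim(char *s, char ch)
{
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (c >= 0x81 && c <= 0xFE) {
            if (*++s == '\0')       /* truncated character: stop at the NUL */
                return NULL;
        } else if (*s == ch) {
            return s;
        }
    }
    return NULL;
}

/* Hypothetical helper: copy the field before ch into dest, shift the rest to
 * the front of src. Returns 0 ok, 1 src empty, 100 too long, 200 bad args. */
int cut_field(char *dest, size_t size, char *src, char ch)
{
    if (size < 1 || ch == '\0')
        return 200;
    if (*src == '\0') {
        *dest = '\0';
        return 1;
    }
    char *p = find_delim(src, ch);
    size_t len = p ? (size_t)(p - src) : strlen(src);
    if (len >= size)
        return 100;
    memcpy(dest, src, len);         /* dest and src are separate buffers */
    dest[len] = '\0';
    if (p == NULL)
        *src = '\0';
    else                            /* regions overlap: memmove, +1 for NUL */
        memmove(src, p + 1, strlen(p + 1) + 1);
    return 0;
}

int main(void)
{
    char row[] = "ab|\xD6\xD0\xCE\xC4|xyz", field[16];  /* constructed row */
    while (cut_field(field, sizeof field, row, '|') == 0)
        printf("field=[%s] rest=[%s]\n", field, row);
    return 0;
}
```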