Question: Seeking advice -- waiting online # Security - System Security
g*s
1
Here are two approaches to handling an input
file of arbitrary size:
A. Use a library or syscall that lets you determine the size
of the file. malloc a buffer to be that size. Then read
chars into the buffer until you hit EOF.
B. Malloc a buffer of a specific size. Read chars until
you hit that size, or EOF. If you fill the buffer,
use realloc to get a larger buffer.
From a security perspective, which is better? Why?
Thanks
p*y
2
A is not good, I think.
If the size of the file changes after you determine the size of it,
the surplus part may overwrite the memory portion after the buffer
you allocated. And that portion may be a piece of code, the return addr
of a function call, etc.
Someone may write malicious code or address to get control of the host.

[Quoted from g*s's post:]
: Here are two approaches to handling an input
: file of arbitrary size:
: A. Use a library or syscall that lets you determine the size
: of the file. malloc a buffer to be that size. Then read
: chars into the buffer until you hit EOF.
: B. Malloc a buffer of a specific size. Read chars until
: you hit that size, or EOF. If you fill the buffer,
: use realloc to get a larger buffer.
: From a security perspective, which is better? Why?
: Thanks
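
An added example, not part of either post: a C reader that treats a previously measured file size only as a starting capacity, bounds every read by the space actually allocated, and grows with realloc, so a file that changes size between the measurement and the read cannot overrun the buffer. The names `read_stream` and `demo_stale_size` and the `max_bytes` cap are assumptions made for this illustration, and the sample file contents are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Read a whole stream into a heap buffer (caller frees).
 * size_hint: size measured earlier; a starting capacity only, never trusted.
 * max_bytes: hard cap; returns NULL on I/O error, OOM, or larger input. */
unsigned char *read_stream(FILE *fp, size_t size_hint, size_t max_bytes,
                           size_t *out_len)
{
    size_t cap = size_hint ? size_hint : 4096, len = 0;
    if (max_bytes == 0) return NULL;
    if (cap > max_bytes) cap = max_bytes;
    unsigned char *buf = malloc(cap);
    if (!buf) return NULL;
    for (;;) {
        /* Each read is bounded by the space actually allocated. */
        len += fread(buf + len, 1, cap - len, fp);
        if (len < cap) break;                 /* short read: EOF or error */
        if (cap == max_bytes) {               /* full and at the cap */
            if (fgetc(fp) != EOF) { free(buf); return NULL; }
            break;
        }
        /* cap <= max_bytes / 2 on the doubling path, so no overflow. */
        size_t ncap = (cap > max_bytes / 2) ? max_bytes : cap * 2;
        unsigned char *tmp = realloc(buf, ncap);
        if (!tmp) { free(buf); return NULL; }
        buf = tmp; cap = ncap;
    }
    if (ferror(fp)) { free(buf); return NULL; }
    *out_len = len;
    return buf;
}

/* Constructed demo: a temp file of `actual` bytes is read with a stale
 * `hint`. Returns bytes read, or (size_t)-1 if read_stream refused/failed. */
size_t demo_stale_size(size_t hint, size_t actual, size_t max_bytes)
{
    FILE *fp = tmpfile();
    size_t len = 0, got = (size_t)-1;
    if (!fp) return got;
    for (size_t i = 0; i < actual; i++) fputc('A' + (int)(i % 26), fp);
    rewind(fp);
    unsigned char *buf = read_stream(fp, hint, max_bytes, &len);
    if (buf) got = len;
    free(buf);
    fclose(fp);
    return got;
}

int main(void) { printf("%zu\n", demo_stale_size(4, 10000, 1u << 20)); return 0; }
```
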
