论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2008-12-04 12:46 |只看该作者 |倒序浏览

今天上午，梁总教我上去，tcmd又coredump了，KeyBack.c还有执行handler就挂掉了。找原因，找来找去，花了一个小时，以为是接收部分的问题，最后还是另一个人，用arm-linux-gdb tcmd coredump文件　的命令定位到了是audio_test_Handler中的kill_process()函数，但看来看去，我认为没有问题。最后梁总说查一下数组command的大小，50个字节够吗？
一查，果然不够。这是导制出错的原因。

/*==================================================================================================
DESCRIPTION: This function  is responsible for killing the pointed process.
ARGUMENTS PASSED:
  char* process_name- Pointer to process name

RETURN VALUE:
  void
IMPORTANT NOTES:

==================================================================================================*/
int kill_process(char* process_name )
{
   int status;
   char commond[50];－－－－－－－－－－－－1
   char kill_commond[20];
   FILE *fp;
   char temp[200];
   char *pch;
   int pid;
   int length=0;

   sprintf( commond,"/opl/telephony/bin/ps|grep ");
   strcat( commond, process_name);－－－－－－－2
strcat( commond, " >/tmp/process.txt");－－－－3
   printf( "commond %s \n",commond);
   status = system( commond );
   if(!status ){
      fp=fopen("/tmp/process.txt", "r");
      if(fp==NULL){
         printf("Can not open /tmp/process.txt\n");
         return -1;
      }
      length=fread(temp,1,100,fp);
      fclose(fp);
      if( length==0 ){
            printf("Can not search the process\n");
         return -1;
      }
      pch=strtok( temp, " ");
      if(  NULL ){
      printf("the pid is %s \n",pch);
      //pch=strtok( NULL, " ");
      }
      //pid = atoi( pch );
      sprintf(kill_commond ,"kill %s\n", pch);
      status = system( kill_commond );
      if(!status ){
         printf(" have killed %s \n", process_name);
      }
      else{
         printf("kill failed \n");
         return -1;
      }
   }
   else{
      printf("execute commond ps|grep failed \n");
      return -1;
   }
   return 0;
}
sprintf( commond,"/opl/telephony/bin/ps|grep ");
是27个字节，
用的process_name是”/opl/telephony/tel/audhwtest"是28个字节，又加上
strcat( commond, " >/tmp/process.txt");－－－－3
17个字节，这样27+28+17超过50个字节迁，
字符数组越界。
从而导制coredump.
造成这个的原因，是以前在目录前没有加opl这个目录，在前两天修改后
却没有调整函数内部数组的大小，从而越界出错。花了2个多小时，3个人才找出来问题。这是多么大的浪费啊。
下面修改后没有问题了！！
int kill_process(char* process_name )
{
   int status;
   char commond[100];
   char kill_commond[20];
   FILE *fp;
   char temp[200];
   char *pch;
   int pid;
   int length=0;

   sprintf( commond,"/opl/telephony/bin/ps|grep ");
   strcat( commond, process_name);
   strcat( commond, " >/tmp/process.txt");
   printf( "commond %s \n",commond);
   status = system( commond );
   if(!status ){
      fp=fopen("/tmp/process.txt", "r");
      if(fp==NULL){
         printf("Can not open /tmp/process.txt\n");
         return -1;
      }
      length=fread(temp,1,100,fp);
      fclose(fp);
      if( length==0 ){
            printf("Can not search the process\n");
         return -1;
      }
      pch=strtok( temp, " ");
      if( pch!= NULL ){
      printf("the pid is %s \n",pch);
      //pch=strtok( NULL, " ");
      }
      //pid = atoi( pch );
      sprintf(kill_commond ,"kill %s\n", pch);
      status = system( kill_commond );
      if(!status ){
         printf(" have killed %s \n", process_name);
      }
      else{
         printf("kill failed \n");
         return -1;
      }
   }
   else{
      printf("execute commond ps|grep failed \n");
      return -1;
   }
   return 0;
}

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u2/63775/showart_1679206.html

文库|博客

返回列表

Chinaunix › 论坛 › 操作系统 › Linux新手园地 › Linux文档专区 › 【教训】修改函数，数组太小导制的coredump问题

【教训】修改函数，数组太小导制的coredump问题 [复制链接]