在 glibc 中用 gdb 调试 core 文件时,显示 FILE* 指针的内容(对 FILE 写入时产生了 core 文件)
$1 = {_flags = 107276440, _IO_read_ptr = 0x3000000018 <Address 0x3000000018 out of bounds>, _IO_read_end = 0x2aea0006e9a0 "痍\006",
_IO_read_base = 0x2aea0006e8e0 "痍2045", _IO_write_base = 0x53305239 <Address 0x53305239 out of bounds>,
_IO_write_ptr = 0x35343032eaf0 <Address 0x35343032eaf0 out of bounds>, _IO_write_end = 0x2aea0006e9b0 "-", _IO_buf_base = 0x2aea0006e9f0 "[2014-03-24][23:41:45]",
_IO_buf_end = 0x2aea0006eaf0 "adfbc"..., _IO_save_base = 0x2 <Address 0x2 out of bounds>, _IO_backup_base = 0x2 <Address 0x2 out of bounds>,
_IO_save_end = 0x2aea000819c0 "\300\t\004", _markers = 0x0, _chain = 0x3, _fileno = 107625062, _flags2 = 56, _old_offset = 47184511166896, _cur_column = 59792,
_vtable_offset = 6 '\006', _shortbuf = "", _lock = 0x7fff599c0590, _offset = 5052268, __pad1 = 0x2aea0006e980, __pad2 = 0x2aea0006e9b0, __pad3 = 0x2aea0006ea18,
__pad4 = 0x2d26da68, __pad5 = 32, _mode = 453104, _unused2 = "\352*\000\000@\352\006\000\352*\000\000伴\006\000\352*\000"}
可以看到 _IO_write_base 的值错误(gdb 标注为 out of bounds),因此该 FILE 结构已经被破坏,所以才会出现 segmentation fault。
通常 _IO_write_base 与 _IO_read_base 都指向同一区域,即当前缓冲区的基地址。
0x2aea0006e9a0 - 0x2aea0006e8e0 = 0xC0 = 192 字节
下面这段程序打印地址:
#include <stdio.h>
#include <stdlib.h>
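/*
 * Writes 100 lines to test.txt and, after each one, records the three glibc
 * stdio buffer-base pointers of the same FILE into the file, so they can be
 * compared against the corrupted values seen in the gdb dump above.
 *
 * argc/argv are unused; the output path is fixed ("test.txt").
 * Returns 0 on success, EXIT_FAILURE if the file cannot be opened or the
 * final fclose reports an error.
 *
 * The _IO_read_base/_IO_write_base/_IO_buf_base members are glibc
 * internals; this program is intentionally glibc-specific.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    FILE *fp = fopen("test.txt", "w");
    if (fp == NULL) {
        /* Without this check a failed fopen leaves fp NULL, and the
         * fp->_IO_* reads below would themselves fault. */
        perror("fopen test.txt");
        return EXIT_FAILURE;
    }

    char s[32] = {0};
    for (int i = 0; i < 100; i++) {
        /* Bounded formatting: "%d=now\n" is far below 32 bytes, but
         * snprintf makes the bound explicit. */
        snprintf(s, sizeof s, "%d=now\n", i);
        fprintf(fp, "%s", s);
        /* %x takes an unsigned int; passing a pointer to it is undefined
         * behaviour and truncates 64-bit addresses. %p with a void* cast
         * is the portable way to print an address (output gains the
         * "0x" prefix that %p produces). */
        fprintf(fp, "_IO_read_base=%p\n", (void *)fp->_IO_read_base);
        fprintf(fp, "_IO_write_base=%p\n", (void *)fp->_IO_write_base);
        fprintf(fp, "_IO_buf_base=%p\n", (void *)fp->_IO_buf_base);
    }

    /* fclose flushes the buffer to disk; a write error is only visible here. */
    if (fclose(fp) != 0) {
        perror("fclose test.txt");
        return EXIT_FAILURE;
    }
    return 0;
}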
程序输出:
94=now
_IO_read_base=2315d000
_IO_write_base=2315d000
_IO_buf_base=2315d000
95=now
_IO_read_base=2315d000
_IO_write_base=2315d000
_IO_buf_base=2315d000
96=now
_IO_read_base=2315d000
_IO_write_base=2315d000
_IO_buf_base=2315d000
97=now
_IO_read_base=2315d000
_IO_write_base=2315d000
_IO_buf_base=2315d000
98=now
_IO_read_base=2315d000
_IO_write_base=2315d000
_IO_buf_base=2315d000
99=now
_IO_read_base=2315d000
_IO_write_base=2315d000
_IO_buf_base=2315d000