hightman / scws

A free, open-source, simple Chinese word segmentation system; the best choice for word segmentation in PHP!
http://www.xunsearch.com/scws/

Is the compare-string implementation in _xtree_node_search() buggy? #74

Closed lishunan246 closed 1 year ago

lishunan246 commented 1 year ago
static node_t _xtree_node_search(node_t head, node_t **pnode, const char *key, int len)
{
    int cmp;    

    cmp = memcmp(key, head->key, len);
    if (cmp == 0)
        cmp = len - strlen(head->key);

    if (cmp != 0)   
    {
        // ...
    }
    return head;
}

Could this segfault when head->key is shorter than key?

It should be changed to

static node_t _xtree_node_search(node_t head, node_t **pnode, const char *key, int len)
{
    int cmp;    

    int hlen = strlen(head->key);
    int clen = len < hlen ? len : hlen;

    cmp = memcmp(key, head->key, clen);
    if (cmp == 0)
        cmp = len - hlen;

    if (cmp != 0)   
    {
        // ...
    }
    return head;
}
hightman commented 1 year ago

If head->key is shorter, memcmp will not return 0.

lishunan246 commented 1 year ago

The problem isn't the return value: reading memory beyond the length of head->key here may access addresses that were never allocated to the process,

which could trigger a segmentation fault.

hightman commented 1 year ago

Given how memcmp is implemented (it usually compares as long-sized words), it really can read out of bounds... Thanks.
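The fix proposed in this thread, as an added stand-alone example that is not code from scws or from either participant: the clamped comparison is pulled out into its own function, and a helper computes from string lengths alone how many bytes the original `memcmp(key, head->key, len)` would read past the node key's terminator. The function names and the UTF-8 sample keys are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Comparison as proposed in the fix above: compare only the bytes both
 * strings actually have, then break ties on length.  `key` holds `len`
 * bytes (not necessarily NUL-terminated); `node_key` is the NUL-terminated
 * key stored in the tree node. */
int xtree_key_cmp(const char *key, int len, const char *node_key)
{
    int hlen = (int)strlen(node_key);
    int clen = len < hlen ? len : hlen;
    int cmp = memcmp(key, node_key, clen);   /* never reads past either buffer */
    if (cmp == 0)
        cmp = len - hlen;                    /* equal prefix: the shorter key sorts first */
    return cmp;
}

/* Number of bytes the original memcmp(key, head->key, len) would read past
 * the NUL terminator of node_key (0 when the node key is long enough).
 * Derived from lengths only; this example never performs the overread. */
int xtree_overread_bytes(int len, const char *node_key)
{
    int alloc = (int)strlen(node_key) + 1;   /* bytes that belong to node_key, NUL included */
    return len > alloc ? len - alloc : 0;
}

int main(void)
{
    /* Constructed sample keys (UTF-8): "中文" (6 bytes) is a prefix of "中文分词" (12 bytes). */
    const char *key = "中文分词";
    const char *node_key = "中文";
    int len = (int)strlen(key);

    printf("cmp = %d (positive: search key is longer than node key)\n",
           xtree_key_cmp(key, len, node_key));
    printf("original memcmp would read %d byte(s) past node_key\n",
           xtree_overread_bytes(len, node_key));
    return 0;
}
```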