The function `void anagram_ReadDict( void )` in sequential/anagram reads a dictionary into a heap-allocated segment of memory. The allocated heap space is, however, smaller than the data written into it, so subsequent allocations (e.g. from `anagram_NewWord`) are placed over the tail of the dictionary and overwrite its data.
As per the comments and the code, each entry in the dictionary should be (2 + length of the word + '\0') bytes long. However, the loop that determines the size of the array to allocate does not account for the terminator `\0` (L300-L306). The insertion does write the characters of the string (L320), the terminator (L324), and the additional 2 bytes (L325-L326).
Additional testing confirmed the count is off by one byte per word.
https://github.com/tacle/tacle-bench/blob/a854655919ea3970c95baa4f4b3c1964eae9c6af/bench/sequential/anagram/anagram.c#L288-L332
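To make the one-byte-per-word mismatch concrete, here is a small added reconstruction in C (not the benchmark's own code): a sizing loop that omits the terminator, the corrected sizing loop, and a bounds-checked insertion that writes word characters, `\0` and two extra bytes per entry. The sample words and the two trailer bytes are constructed for the example and do not reproduce the real entry layout.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample dictionary; not the benchmark's input file. */
static const char *const kWords[] = { "listen", "silent", "enlist" };
static const size_t kNumWords = sizeof kWords / sizeof kWords[0];

/* Sizing loop as the report describes it: counts the two extra bytes and
 * the word characters but forgets the '\0' (hypothetical reconstruction). */
size_t dict_bytes_short(const char *const *words, size_t n) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += 2 + strlen(words[i]);
    return total;
}

/* Corrected sizing: one more byte per word for the terminator. */
size_t dict_bytes_needed(const char *const *words, size_t n) {
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += 2 + strlen(words[i]) + 1;
    return total;
}

/* Insertion as the report describes it: characters, '\0', then two extra
 * bytes. Bounds-checked: returns bytes written, or 0 on a would-be overrun. */
size_t dict_fill(char *buf, size_t cap, const char *const *words, size_t n) {
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(words[i]);
        if (cap - pos < len + 3)
            return 0;                 /* the overrun the report describes */
        memcpy(buf + pos, words[i], len);
        pos += len;
        buf[pos++] = '\0';
        buf[pos++] = (char)len;       /* constructed trailer byte */
        buf[pos++] = 0;               /* constructed trailer byte */
    }
    return pos;
}

/* Allocate with the given sizer, then fill; 1 if all entries fit, else 0. */
int dict_fits(size_t (*sizer)(const char *const *, size_t)) {
    size_t cap = sizer(kWords, kNumWords);
    char *buf = malloc(cap);
    if (!buf) return 0;
    int ok = dict_fill(buf, cap, kWords, kNumWords) == cap;
    free(buf);
    return ok;
}
```

With the short sizing the last entry no longer fits, which is the point at which the real code would write past its block and later allocations would land on dictionary data.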