ryanr's Journal: Bug Puzzle #1

#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>

int main (int argc, char *argv[])
{
  int i = 0;
  struct in_addr *inp;
  int result;

  if (argc < 2)
  {
    exit (1);
  }
  result = inet_aton (argv[1], inp);
  printf ("%x\n", (unsigned int) inp->s_addr);
  return 0;
}

[root@scutter]# gcc bug.c
[root@scutter]# ./a.out 10.1.1.1
Segmentation fault

wtf?

(I know wtf actually, the point is to give people some entertainment by giving them a programming error to solve, in the spirit of the pclint ads.)

Compiled on Red Hat 8.0 if it's important to someone, but the error should be fairly platform independent. :)

Post answers or questions below.

  • inp doesn't point anywhere, so inet_aton() tries to put its result in a random memory address.
    • Correct. I'll post the proper code after people have had a chance to try it on their own if they wish. Though, if they understand your answer, the fix should be obvious.

      Bonus question for advanced Bug Puzzlers:

      #include <stdio.h>
      #include <netinet/in.h>
      #include <sys/types.h>
      #include <sys/socket.h>
      #include <sys/types.h>
      #include <arpa/inet.h>

      int main (int argc, char *argv[])
      {
      struct in_addr *inp;
      int result;

      if (argc < 2)
      {
      exit (1);
      }
      result = inet_aton (argv[1], inp
      • Comment removed based on user account deletion
        • I don't know if there's any better documentation than the man pages:

          http://www.die.net/doc/linux/man/man3/inet_aton.3.html [die.net]

          Interesting that yours didn't crash with the first example like mine did... I'll have to be more careful with my examples. :) But, that's the point I was trying to make with this bug... uninitialized pointers do fun things. :)

          To get the answer I was going for, you'd probably have to dig around with a debugger in the stack to show why it sometimes mysteriously works.
      • This is just me taking a guess here...but I have a feeling that the int i=0; declaration in the previous program forces the inet_aton call to stomp on memory that it doesn't own. In this case, I would guess that it uses the space pointed to by the argv[0] or argv[1] array, which ARE in its available memory.
  • by ryanr ( 30917 )
    #include <stdio.h>
    #include <stdlib.h>
    #include <netinet/in.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <arpa/inet.h>

    int main (int argc, char *argv[])
    {
      int i = 0;
      struct in_addr inp;   /* the structure itself, not a pointer to nowhere */
      int result;

      if (argc < 2)
      {
        exit (1);
      }
      /* pass the address of real storage for inet_aton() to fill in */
      result = inet_aton (argv[1], &inp);
      printf ("%x\n", (unsigned int) inp.s_addr);
      return 0;
    }

    As Krelnik was the first to point out, the original bug was that I was using an uninitialized pointer. The inet_aton function takes a pointer to a structure (which is reall
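
An added example (not part of ryanr's post or the thread): one way to wrap the call so that the caller owns the address storage, the inet_aton() return value (stored but never checked in the code above) is acted on, and a failed parse cannot leave uninitialized stack bytes to be printed. The names parse_ipv4 and ipv4_host_order are assumptions of this example.

```c
#define _DEFAULT_SOURCE              /* glibc: declare inet_aton() under strict -std */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* parse_ipv4 is a hypothetical helper name (an assumption of this example).
 * The caller owns the storage behind `out`. Returns 0 on success, -1 on a
 * NULL argument or on text that inet_aton() rejects. */
int parse_ipv4(const char *text, struct in_addr *out)
{
    struct in_addr tmp;

    if (text == NULL || out == NULL)
        return -1;                      /* refuse to write through NULL */
    memset(out, 0, sizeof *out);        /* failure never exposes stale stack bytes */
    if (inet_aton(text, &tmp) == 0)     /* 0 means "not a valid address" */
        return -1;
    *out = tmp;                         /* commit only a fully parsed address */
    return 0;
}

/* Address as a host-order integer, e.g. 10.1.1.1 -> 0x0a010101. */
uint32_t ipv4_host_order(const struct in_addr *addr)
{
    return ntohl(addr->s_addr);
}

int main(int argc, char *argv[])
{
    struct in_addr addr;                /* real storage, not a bare pointer */

    if (argc < 2) {
        fprintf(stderr, "usage: %s a.b.c.d\n", argv[0]);
        return 1;
    }
    if (parse_ipv4(argv[1], &addr) != 0) {
        fprintf(stderr, "invalid address: %s\n", argv[1]);
        return 1;
    }
    printf("%x\n", (unsigned int)ipv4_host_order(&addr));
    return 0;
}
```

Building with `gcc -Wall -O2` enables GCC's uninitialized-variable warning, which can flag a pointer like the original `inp` at compile time.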
