https://stackoverflow.com/questions/16750998
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianYour program doing buffer overflow at runs time, by strcat(arr3, arr4) because arr3 size is just equals to length of "Mr." string , it has no extra memory space for extra chars (from arr4).
size of arr3 should be atlest string length of a "Mr. " + "Smith" + 1
(extra 1 for string termination \0 char)
My Suggestion is use dynamic memory allocation for sufficient size buffer, do something like code below:
char arr3[] = "Mr. ";
char arr4[] = "Smith";
length = strlen(arr3) + strlen(arr4) + 1; //cal-length (sufficient long buffer)
char* new_arr = malloc(length); // allocate memory
strcpy(new_arr, arr3); // copy first string
strcat(new_arr, arr4); // then check your function to concat strings
Reason of Core-Dump:
In your code :
char arr3[] = "Mr. ";
The size of arr2 is = length of string "Mr." length + 1 (1 because of \0) chars. The strcat() first moves temp pointers to point null in first while loop while(*tmp) ++tmp ;.
After that in second while loop while( (*tmp++ = *src++ ) != '\0') ; you are trying to accessing and assigning on memory that is not allocated ( my be out of your process control) and access a memory that you have not allocated is undefined behavior in C.
Edit:
In code arr3 is something like below in diagram, where temp points to arr3 array:
arr3
temp 5 6 7 8
+-----+ +--+--+--+---+
| 5 +----->|M |r |. |\0 |
+-----+ +--+--+--+---+
when loop while(*tmp) ++tmp ; breaks temp starts pointing to memory location 8 where null \0 is stored, like below diagram.
arr3
temp 5 6 7 8
+-----+ +--+--+--+---+
| 8 | |M |r |. |\0 |
+-----+ +--+--+--+---+
| ^
+--------------------|
When you do temp++ in loop while( (*tmp++ = *src++ ) != '\0') ; , temp increment to point to memory location 9 and onwards, but access and assigning on memory 9, 10.. is illegal because its not allocated. This causes OS kernel send a signal core dump to the your process which caused the exception. (interesting to note: as OS detects memory right violation by a process -- An invalid access to valid memory gives: SIGSEGV And access to an invalid address gives: SIGBUS).
Program Error Signals:
When one of these program error signals terminates a process, it also writes a core dump file which records the state of the process at the time of termination. The core dump file is named `core' and is written in whichever directory is current in the process at the time. (On the GNU system, you can specify the file name for core dumps with the environment variable COREFILE.) The purpose of core dump files is so that you can examine them with a debugger to investigate what caused the error.
If you allocates extra memory (as @JerryCoffin and @Paul R suggested) then you can access memory beyond \0 (memory location 8) is no problem.
Note: If you not gives size at declaration then size of array will be equals to size of string e.g. in char arr3[] = "Mr. "; size is 5. But if you give size explicitly as char arr3[84] = "Mr. "; then size of aar3 will be 84 and initial memory contains Mr. then 0 in rest of all locations.
In my solution I completely allocate new memory blocks that is as large as both string arr3 and arr4 can be stored with null symbol using dynamic memory allocation (malloc() function). Additionally If you allocates dynamic memory using ptr = malloc() or ptr = calloc() then you should free memory explicitly when work done using free(ptr).
