document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-22 23:00:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

translated

Browse Source
This commit is contained in:
unigeorge 2021-10-18 13:33:30 +08:00 committed by GitHub
parent e67818bb9f
commit 4aef26d983
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 408 additions and 415 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

415
sources/tech/20211014 5 common bugs in C programming and how to fix them.md
View File

@ -1,415 +0,0 @@
[#]: subject: "5 common bugs in C programming and how to fix them"
[#]: via: "https://opensource.com/article/21/10/programming-bugs"
[#]: author: "Jim Hall https://opensource.com/users/jim-hall"
[#]: collector: "lujun9972"
[#]: translator: "unigeorge"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
5 common bugs in C programming and how to fix them
======
Five ways to make your C programs more resilient and reliable.
![Bug tracking magnifying glass on computer screen][1]
Even the best programmers can create programming bugs. Depending on what your program does, these bugs could introduce security vulnerabilities, cause the program to crash, or create unexpected behavior.
The C programming language sometimes gets a bad reputation because it is not memory safe like more recent programming languages, including Rust. But with a little extra code, you can avoid the most common and most serious C programming bugs. Here are five bugs that can break your application and how you can avoid them:
### 1\. Uninitialized variables
When the program starts up, the system will assign it a block of memory that the program uses to store data. That means your variables will get whatever random value was in memory when the program started.
Some environments will intentionally "zero out" the memory as the program starts up, so every variable starts with a zero value. And it can be tempting to assume in your programs that all variables will begin at zero. However, the C programming specification says that the system does not initialize variables.
Consider a sample program that uses a few variables and two arrays:
```
#include <stdio.h>
#include <stdlib.h>
int
main()
{
  int i, j, k;
  int numbers[5];
  int *array;
  [puts][2]("These variables are not initialized:");
  [printf][3]("  i = %d\n", i);
  [printf][3]("  j = %d\n", j);
  [printf][3]("  k = %d\n", k);
  [puts][2]("This array is not initialized:");
  for (i = 0; i < 5; i++) {
    [printf][3]("  numbers[%d] = %d\n", i, numbers[i]);
  }
  [puts][2]("malloc an array ...");
  array = [malloc][4](sizeof(int) * 5);
  if (array) {
    [puts][2]("This malloc'ed array is not initialized:");
    for (i = 0; i < 5; i++) {
      [printf][3]("  array[%d] = %d\n", i, array[i]);
    }
    [free][5](array);
  }
  /* done */
  [puts][2]("Ok");
  return 0;
}
```
The program does not initialize the variables, so they start with whatever values the system had in memory at the time. Compiling and running this program on my Linux system, you'll see that some variables happen to have "zero" values, but others do not:
```
These variables are not initialized:
  i = 0
  j = 0
  k = 32766
This array is not initialized:
  numbers[0] = 0
  numbers[1] = 0
  numbers[2] = 4199024
  numbers[3] = 0
  numbers[4] = 0
malloc an array ...
This malloc'ed array is not initialized:
  array[0] = 0
  array[1] = 0
  array[2] = 0
  array[3] = 0
  array[4] = 0
Ok
```
Fortunately, the `i` and `j` variables start at zero, but `k` has a starting value of 32766. In the numbers array, most elements also happen to start with zero, except the third element, which gets an initial value of 4199024.
Compiling the same program on a different system further shows the danger in uninitialized variables. Don't assume "all the world runs Linux" because one day, your program might run on a different platform. For example, here's the same program running on FreeDOS:
```
These variables are not initialized:
  i = 0
  j = 1074
  k = 3120
This array is not initialized:
  numbers[0] = 3106
  numbers[1] = 1224
  numbers[2] = 784
  numbers[3] = 2926
  numbers[4] = 1224
malloc an array ...
This malloc'ed array is not initialized:
  array[0] = 3136
  array[1] = 3136
  array[2] = 14499
  array[3] = -5886
  array[4] = 219
Ok
```
Always initialize your program's variables. If you assume a variable will start with a zero value, add the extra code to assign zero to the variable. This extra bit of typing upfront will save you headaches and debugging later on.
### 2\. Going outside of array bounds
In C, arrays start at array index zero. That means an array that is ten elements long goes from 0 to 9, or an array that is a thousand elements long goes from 0 to 999.
Some programmers sometimes forget this and introduce "off by one" bugs where they reference the array starting at one. In an array that is five elements long, the value the programmer intended to find at array element "5" is not actually the fifth element of the array. Instead, it is some other value in memory, not associated with the array at all.
Here's an example that goes well outside the array bounds. The program starts with an array that's only five elements long but references array elements from outside that range:
```
#include <stdio.h>
#include <stdlib.h>
int
main()
{
  int i;
  int numbers[5];
  int *array;
  /* test 1 */
  [puts][2]("This array has five elements (0 to 4)");
  /* initalize the array */
  for (i = 0; i < 5; i++) {
    numbers[i] = i;
  }
  /* oops, this goes beyond the array bounds: */
  for (i = 0; i < 10; i++) {
    [printf][3]("  numbers[%d] = %d\n", i, numbers[i]);
  }
  /* test 2 */
  [puts][2]("malloc an array ...");
  array = [malloc][4](sizeof(int) * 5);
  if (array) {
    [puts][2]("This malloc'ed array also has five elements (0 to 4)");
    /* initalize the array */
    for (i = 0; i < 5; i++) {
      array[i] = i;
    }
    /* oops, this goes beyond the array bounds: */
    for (i = 0; i < 10; i++) {
      [printf][3]("  array[%d] = %d\n", i, array[i]);
    }
    [free][5](array);
  }
  /* done */
  [puts][2]("Ok");
  return 0;
}
```
Note that the program initializes all the values of the array, from 0 to 4, but then tries to read 0 to 9 instead of 0 to 4. The first five values are correct, but after that you dont know what the values will be:
```
This array has five elements (0 to 4)
  numbers[0] = 0
  numbers[1] = 1
  numbers[2] = 2
  numbers[3] = 3
  numbers[4] = 4
  numbers[5] = 0
  numbers[6] = 4198512
  numbers[7] = 0
  numbers[8] = 1326609712
  numbers[9] = 32764
malloc an array ...
This malloc'ed array also has five elements (0 to 4)
  array[0] = 0
  array[1] = 1
  array[2] = 2
  array[3] = 3
  array[4] = 4
  array[5] = 0
  array[6] = 133441
  array[7] = 0
  array[8] = 0
  array[9] = 0
Ok
```
When referencing arrays, always keep track of its size. Store that in a variable; don't hard-code an array size. Otherwise, your program might stray outside the array bounds when you later update it to use a different array size, but you forget to change the hard-coded array length.
### 3\. Overflowing a string
Strings are just arrays of a different kind. In the C programming language, a string is an array of `char` values, with a zero character to indicate the end of the string.
And so, like arrays, you need to avoid going outside the range of the string. This is sometimes called _overflowing a string_.
One easy way to overflow a string is to read data with the `gets` function. The `gets` function is very dangerous because it doesn't know how much data it can store in a string, and it naively reads data from the user. This is fine if your user enters short strings like `foo` but can be disastrous when the user enters a value that is too long for your string value.
Here's a sample program that reads a city name using the `gets` function. In this program, I've also added a few unused variables to show how string overflow can affect other data:
```
#include <stdio.h>
#include <string.h>
int
main()
{
  char name[10];                       /* Such as "Chicago" */
  int var1 = 1, var2 = 2;
  /* show initial values */
  [printf][3]("var1 = %d; var2 = %d\n", var1, var2);
  /* this is bad .. please don't use gets */
  [puts][2]("Where do you live?");
  [gets][6](name);
  /* show ending values */
  [printf][3]("<%s> is length %d\n", name, [strlen][7](name));
  [printf][3]("var1 = %d; var2 = %d\n", var1, var2);
  /* done */
  [puts][2]("Ok");
  return 0;
}
```
That program works fine when you test for similarly short city names, like `Chicago` in Illinois or `Raleigh` in North Carolina:
```
var1 = 1; var2 = 2
Where do you live?
Raleigh
<Raleigh> is length 7
var1 = 1; var2 = 2
Ok
```
The Welsh town of `Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch` has one of the longest names in the world. At 58 characters, this string goes well beyond the 10 characters reserved in the `name` variable. As a result, the program stores values in other areas of memory, including the values of `var1` and `var2`:
```
var1 = 1; var2 = 2
Where do you live?
Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch
<Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch> is length 58
var1 = 2036821625; var2 = 2003266668
Ok
Segmentation fault (core dumped)
```
Before aborting, the program used the long string to overwrite other parts of memory. Note that `var1` and `var2` no longer have their starting values of `1` and `2`.
Avoid `gets`, and use safer methods to read user data. For example, the `getline` function will allocate enough memory to store user input, so the user cannot accidentally overflow the string by entering a long value.
### 4\. Freeing memory twice
One of the rules of good C programming is, "if you allocate memory, you should free it." Programs can allocate memory for arrays and strings using the `malloc` function, which reserves a block of memory and returns a pointer to the starting address in memory. Later, the program can release the memory using the `free` function, which uses the pointer to mark the memory as unused.
However, you should only use the `free` function once. Calling `free` a second time will result in unexpected behavior that will probably break your program. Here's a short example program to show that. It allocates memory, then immediately releases it. But like a forgetful-but-methodical programmer, I also freed the memory at the end of the program, resulting in freeing the same memory twice:
```
#include <stdio.h>
#include <stdlib.h>
int
main()
{
  int *array;
  [puts][2]("malloc an array ...");
  array = [malloc][4](sizeof(int) * 5);
  if (array) {
    [puts][2]("malloc succeeded");
    [puts][2]("Free the array...");
    [free][5](array);
  }
  [puts][2]("Free the array...");
  [free][5](array);
  [puts][2]("Ok");
}
```
Running this program causes a dramatic failure on the second use of the `free` function:
```
malloc an array ...
malloc succeeded
Free the array...
Free the array...
free(): double free detected in tcache 2
Aborted (core dumped)
```
Avoid calling `free` more than once on an array or string. One way to avoid freeing memory twice is to locate the `malloc` and `free` functions in the same function.
For example, a solitaire program might allocate memory for a deck of cards in the main function, then use that deck in other functions to play the game. Free the memory in the main function, rather than some other function. Keeping the `malloc` and `free` statements together helps to avoid freeing memory more than once.
### 5\. Using invalid file pointers
Files are a handy way to store data. For example, you might store configuration data for your program in a file called `config.dat`. The Bash shell reads its initial script from `.bash_profile` in the user's home directory. The GNU Emacs editor looks for the file `.emacs` for its starting values. And the Zoom meeting client uses the `zoomus.conf` file to read its program configuration.
So the ability to read data from a file is important for pretty much all programs. But what if the file you want to read isn't there?
To read a file in C, you first open the file using the `fopen` function, which returns a stream pointer to the file. You can use this pointer with other functions to read data, such as `fgetc` to read the file one character at a time.
If the file you want to read isn't there or isn't readable by your program, then the `fopen` function will return `NULL` as the file pointer, which is an indication the file pointer is invalid. But here's a sample program that innocently does not check if `fopen` returned `NULL` and tries to read the file regardless:
```
#include <stdio.h>
int
main()
{
  FILE *pfile;
  int ch;
  [puts][2]("Open the FILE.TXT file ...");
  pfile = [fopen][8]("FILE.TXT", "r");
  /* you should check if the file pointer is valid, but we skipped that */
  [puts][2]("Now display the contents of FILE.TXT ...");
  while ((ch = [fgetc][9](pfile)) != EOF) {
    [printf][3]("<%c>", ch);
  }
  [fclose][10](pfile);
  /* done */
  [puts][2]("Ok");
  return 0;
}
```
When you run this program, the first call to `fgetc` results in a spectacular failure, and the program immediately aborts:
```
Open the FILE.TXT file ...
Now display the contents of FILE.TXT ...
Segmentation fault (core dumped)
```
Always check the file pointer to ensure it's valid. For example, after calling `fopen` to open a file, check the pointer's value with something like `if (pfile != NULL)` to ensure that the pointer is something you can use.
We all make mistakes, and programming bugs happen to the best of programmers. But if you follow these guidelines and add a little extra code to check for these five types of bugs, you can avoid the most serious C programming mistakes. A few lines of code up front to catch these errors may save you hours of debugging later.
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/10/programming-bugs
作者:[Jim Hall][a]
选题:[lujun9972][b]
译者:[unigeorge](https://github.com/unigeorge)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jim-hall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/bug_software_issue_tracking_computer_screen.jpg?itok=6qfIHR5y (Bug tracking magnifying glass on computer screen)
[2]: http://www.opengroup.org/onlinepubs/009695399/functions/puts.html
[3]: http://www.opengroup.org/onlinepubs/009695399/functions/printf.html
[4]: http://www.opengroup.org/onlinepubs/009695399/functions/malloc.html
[5]: http://www.opengroup.org/onlinepubs/009695399/functions/free.html
[6]: http://www.opengroup.org/onlinepubs/009695399/functions/gets.html
[7]: http://www.opengroup.org/onlinepubs/009695399/functions/strlen.html
[8]: http://www.opengroup.org/onlinepubs/009695399/functions/fopen.html
[9]: http://www.opengroup.org/onlinepubs/009695399/functions/fgetc.html
[10]: http://www.opengroup.org/onlinepubs/009695399/functions/fclose.html

408
translated/tech/20211014 5 common bugs in C programming and how to fix them.md Normal file
View File

@ -0,0 +1,408 @@
[#]: subject: "5 common bugs in C programming and how to fix them"
[#]: via: "https://opensource.com/article/21/10/programming-bugs"
[#]: author: "Jim Hall https://opensource.com/users/jim-hall"
[#]: collector: "lujun9972"
[#]: translator: "unigeorge"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
C 语言编程中的 5 个常见 bug 及对应解决方案
======
增强 C 语言程序弹性和可靠性的五种方法。
![Bug tracking magnifying glass on computer screen][1]
即使是最好的程序员也无法完全避免 bug。这些 bug 可能会引入安全漏洞、导致程序崩溃或产生意外操作,具体影响要取决于程序的运行逻辑。
C 语言有时名声不太好,因为它不像近期的编程语言(比如 Rust那样具有内存安全性。但是通过额外的代码一些最常见和严重的 C 语言 bug 是可以避免的。下文讲解了可能影响应用程序的五个 bug 以及避免这些 bug 的方法:
### 1\. 未初始化的变量
程序启动时,系统会为其分配一块内存以供存储数据。这意味着程序启动时,变量将获得内存中的一个随机值。
有些编程环境会在程序启动时特意将内存“清零”,因此每个变量都得以有初始的零值。程序中的变量都以零值作为初始值,听上去是很不错的。但是在 C 编程规范中,系统并不会初始化变量。
看一下这个使用了若干变量和两个数组的示例程序:
```
#include <stdio.h>
#include <stdlib.h>
int
main()
{
  int i, j, k;
  int numbers[5];
  int *array;
  [puts][2]("These variables are not initialized:");
  [printf][3]("  i = %d\n", i);
  [printf][3]("  j = %d\n", j);
  [printf][3]("  k = %d\n", k);
  [puts][2]("This array is not initialized:");
  for (i = 0; i < 5; i++) {
    [printf][3]("  numbers[%d] = %d\n", i, numbers[i]);
  }
  [puts][2]("malloc an array ...");
  array = [malloc][4](sizeof(int) * 5);
  if (array) {
    [puts][2]("This malloc'ed array is not initialized:");
    for (i = 0; i < 5; i++) {
      [printf][3]("  array[%d] = %d\n", i, array[i]);
    }
    [free][5](array);
  }
  /* done */
  [puts][2]("Ok");
  return 0;
}
```
这个程序不会初始化变量,所以变量以系统内存中的随机值作为初始值。在我的 Linux 系统上编译和运行这个程序,会看到一些变量恰巧有“零”值,但其他变量并没有:
```
These variables are not initialized:
  i = 0
  j = 0
  k = 32766
This array is not initialized:
  numbers[0] = 0
  numbers[1] = 0
  numbers[2] = 4199024
  numbers[3] = 0
  numbers[4] = 0
malloc an array ...
This malloc'ed array is not initialized:
  array[0] = 0
  array[1] = 0
  array[2] = 0
  array[3] = 0
  array[4] = 0
Ok
```
很幸运,`i` 和 `j` 变量是从零值开始的,但 `k` 的起始值为 32766。在 numbers 数组中,大多数元素也恰好从零值开始,只有第三个元素的初始值为 4199024。
在不同的系统上编译相同的程序,可以进一步显示未初始化变量的危险性。不要误以为“全世界都在运行 Linux”你的程序很可能某天在其他平台上运行。例如下面是在 FreeDOS 上运行相同程序的结果:
```
These variables are not initialized:
  i = 0
  j = 1074
  k = 3120
This array is not initialized:
  numbers[0] = 3106
  numbers[1] = 1224
  numbers[2] = 784
  numbers[3] = 2926
  numbers[4] = 1224
malloc an array ...
This malloc'ed array is not initialized:
  array[0] = 3136
  array[1] = 3136
  array[2] = 14499
  array[3] = -5886
  array[4] = 219
Ok
```
永远都要记得初始化程序的变量。如果你想让变量将以零值作为初始值,请额外添加代码将零分配给该变量。预先编好这些额外的代码,这会有助于减少日后让人头疼的 debug 过程。
### 2\. 数组越界
C 语言中,数组索引从零开始。这意味着对于长度为 10 的数组,索引是从 0 到 9长度为 1000 的数组,索引则是从 0 到 999。
程序员有时会忘记这一点,他们从索引 1 开始引用数组,产生了<ruby>“大小差一”<rt>off by one</rt></ruby> bug。在长度为 5 的数组中程序员在索引“5”处使用的值实际上并不是数组的第 5 个元素。相反,它是内存中的一些其他值,根本与此数组无关。
这是一个数组越界的示例程序。该程序使用了一个只含有 5 个元素的数组,但却引用了该范围之外的数组元素:
```
#include <stdio.h>
#include <stdlib.h>
int
main()
{
  int i;
  int numbers[5];
  int *array;
  /* test 1 */
  [puts][2]("This array has five elements (0 to 4)");
  /* initalize the array */
  for (i = 0; i < 5; i++) {
    numbers[i] = i;
  }
  /* oops, this goes beyond the array bounds: */
  for (i = 0; i < 10; i++) {
    [printf][3]("  numbers[%d] = %d\n", i, numbers[i]);
  }
  /* test 2 */
  [puts][2]("malloc an array ...");
  array = [malloc][4](sizeof(int) * 5);
  if (array) {
    [puts][2]("This malloc'ed array also has five elements (0 to 4)");
    /* initalize the array */
    for (i = 0; i < 5; i++) {
      array[i] = i;
    }
    /* oops, this goes beyond the array bounds: */
    for (i = 0; i < 10; i++) {
      [printf][3]("  array[%d] = %d\n", i, array[i]);
    }
    [free][5](array);
  }
  /* done */
  [puts][2]("Ok");
  return 0;
}
```
可以看到,程序初始化了数组的所有值(从索引 0 到 4然后从索引 0 开始读取,结尾是索引 9 而不是索引 4。前五个值是正确的再后面的值会让你不知所以
```
This array has five elements (0 to 4)
  numbers[0] = 0
  numbers[1] = 1
  numbers[2] = 2
  numbers[3] = 3
  numbers[4] = 4
  numbers[5] = 0
  numbers[6] = 4198512
  numbers[7] = 0
  numbers[8] = 1326609712
  numbers[9] = 32764
malloc an array ...
This malloc'ed array also has five elements (0 to 4)
  array[0] = 0
  array[1] = 1
  array[2] = 2
  array[3] = 3
  array[4] = 4
  array[5] = 0
  array[6] = 133441
  array[7] = 0
  array[8] = 0
  array[9] = 0
Ok
```
引用数组时,始终要记得追踪数组大小。将数组大小存储在变量中;不要对数组大小进行<ruby>硬编码<rt>hard-code</rt></ruby>。否则,如果后期该标识符指向另一个不同大小的数组,却忘记更改硬编码的数组长度
时,程序就可能会发生数组越界。
### 3\. 字符串溢出
字符串只是特定类型的数组。在 C 语言中,字符串是一个由 `char` 类型值组成的数组,其中用一个零字符表示字符串的结尾。
因此,与数组一样,要注意避免超出字符串的范围。有时也称之为 _字符串溢出_
使用 `gets` 函数读取数据是一种很容易发生字符串溢出的行为方式。`gets` 函数非常危险,因为它不知道在一个字符串中可以存储多少数据,只会机械地从用户那里读取数据。如果用户输入像 `foo` 这样的短字符串,不会发生意外;但是当用户输入的值超过字符串长度时,后果可能是灾难性的。
下面是一个使用 `gets` 函数读取城市名称的示例程序。在这个程序中,我还添加了一些未使用的变量,来展示字符串溢出对其他数据的影响:
```
#include <stdio.h>
#include <string.h>
int
main()
{
  char name[10];                       /* Such as "Chicago" */
  int var1 = 1, var2 = 2;
  /* show initial values */
  [printf][3]("var1 = %d; var2 = %d\n", var1, var2);
  /* this is bad .. please don't use gets */
  [puts][2]("Where do you live?");
  [gets][6](name);
  /* show ending values */
  [printf][3]("<%s> is length %d\n", name, [strlen][7](name));
  [printf][3]("var1 = %d; var2 = %d\n", var1, var2);
  /* done */
  [puts][2]("Ok");
  return 0;
}
```
当您测试类似的短城市名称时,该程序运行良好,例如伊利诺伊州的<ruby>`芝加哥`<rt>Chicago</rt></ruby>或北卡罗来纳州的<ruby>`罗利`<rt>Raleigh</rt></ruby>
```
var1 = 1; var2 = 2
Where do you live?
Raleigh
<Raleigh> is length 7
var1 = 1; var2 = 2
Ok
```
威尔士小镇 `Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch` 有着世界上最长的名字之一。这个字符串有 58 个字符,远远超出了 `name` 变量中保留的 10 个字符。结果,程序将值存储在内存的其他区域,覆盖了 `var1``var2` 的值:
```
var1 = 1; var2 = 2
Where do you live?
Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch
<Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch> is length 58
var1 = 2036821625; var2 = 2003266668
Ok
Segmentation fault (core dumped)
```
在运行结束之前,程序会用长字符串覆盖内存的其他部分区域。注意,`var1` 和 `var2` 的值不再是起始的 `1``2`
避免使用 `gets` 函数,改用更安全的方法来读取用户数据。例如,`getline` 函数会分配足够的内存来存储用户输入,因此不会因输入长值而发生意外的字符串溢出。
### 4\. 重复释放内存
“分配的内存要手动释放”是良好的 C 语言编程原则之一。程序可以使用 `malloc` 函数为数组和字符串分配内存,该函数会开辟一块内存,并返回一个指向内存中起始地址的指针。之后,程序可以使用 `free` 函数释放内存,该函数会使用指针将内存标记为未使用。
但是,你应该只使用一次 `free` 函数。第二次调用 `free` 会导致意外的后果,可能会毁掉你的程序。下面是一个针对此点的简短示例程序。程序分配了内存,然后立即释放了它。但为了模仿一个健忘但有条理的程序员,我在程序结束时又一次释放了内存,导致两次释放了相同的内存:
```
#include <stdio.h>
#include <stdlib.h>
int
main()
{
  int *array;
  [puts][2]("malloc an array ...");
  array = [malloc][4](sizeof(int) * 5);
  if (array) {
    [puts][2]("malloc succeeded");
    [puts][2]("Free the array...");
    [free][5](array);
  }
  [puts][2]("Free the array...");
  [free][5](array);
  [puts][2]("Ok");
}
```
运行这个程序会导致第二次使用 `free` 函数时出现戏剧性的失败:
```
malloc an array ...
malloc succeeded
Free the array...
Free the array...
free(): double free detected in tcache 2
Aborted (core dumped)
```
要记得避免在数组或字符串上多次调用 `free`。将 `malloc``free` 函数定位在同一个函数中,这是避免重复释放内存的一种方法。
例如,一个纸牌游戏程序可能会在主函数中为一副牌分配内存,然后在其他函数中使用这副牌来玩游戏。记得在主函数,而不是其他函数中释放内存。将 `malloc``free` 语句放在一起有助于避免多次释放内存。
### 5\. 使用无效的文件指针
文件是一种便捷的数据存储方式。例如,你可以将程序的配置数据存储在 `config.dat` 文件中。Bash shell 会从用户家目录中的`.bash_profile` 读取初始化脚本。GNU Emacs 编辑器会寻找文件 `.emacs` 以从中确定起始值。而 Zoom 会议客户端使用 `zoomus.conf` 文件读取其程序配置。
所以,从文件中读取数据的能力几乎对所有程序都很重要。但是假如要读取的文件不存在,会发生什么呢?
在 C 语言中读取文件,首先要用 `fopen` 函数打开文件,该函数会返回指向文件的流指针。你可以结合其他函数,使用这个指针来读取数据,例如 `fgetc` 会逐个字符地读取文件。
If the file you want to read isn't there or isn't readable by your program, then the `fopen` function will return `NULL` as the file pointer, which is an indication the file pointer is invalid. But here's a sample program that innocently does not check if `fopen` returned `NULL` and tries to read the file regardless:
如果要读取的文件不存在或程序没有读取权限,`fopen` 函数会返回 `NULL` 作为文件指针,这表示文件指针无效。但是这里有一个示例程序,它机械地直接去读取文件,不检查 `fopen` 是否返回了 `NULL`
```
#include <stdio.h>
int
main()
{
  FILE *pfile;
  int ch;
  [puts][2]("Open the FILE.TXT file ...");
  pfile = [fopen][8]("FILE.TXT", "r");
  /* you should check if the file pointer is valid, but we skipped that */
  [puts][2]("Now display the contents of FILE.TXT ...");
  while ((ch = [fgetc][9](pfile)) != EOF) {
    [printf][3]("<%c>", ch);
  }
  [fclose][10](pfile);
  /* done */
  [puts][2]("Ok");
  return 0;
}
```
当你运行这个程序时,第一次调用 `fgetc` 会失败,程序会立即中止:
```
Open the FILE.TXT file ...
Now display the contents of FILE.TXT ...
Segmentation fault (core dumped)
```
始终检查文件指针以确保其有效。例如,在调用 `fopen` 打开一个文件后,用类似 `if (pfile != NULL)` 的语句检查指针,以确保指针是可以使用的。
人都会犯错,最优秀的程序员也会产生编程 bug。但是遵循上面这些准则添加一些额外的代码来检查这五种类型的 bug就可以避免最严重的 C 语言编程错误。提前编写几行代码来捕获这些错误,可能会帮你节省数小时的调试时间。
--------------------------------------------------------------------------------
via: https://opensource.com/article/21/10/programming-bugs
作者:[Jim Hall][a]
选题:[lujun9972][b]
译者:[unigeorge](https://github.com/unigeorge)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/jim-hall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/bug_software_issue_tracking_computer_screen.jpg?itok=6qfIHR5y (Bug tracking magnifying glass on computer screen)
[2]: http://www.opengroup.org/onlinepubs/009695399/functions/puts.html
[3]: http://www.opengroup.org/onlinepubs/009695399/functions/printf.html
[4]: http://www.opengroup.org/onlinepubs/009695399/functions/malloc.html
[5]: http://www.opengroup.org/onlinepubs/009695399/functions/free.html
[6]: http://www.opengroup.org/onlinepubs/009695399/functions/gets.html
[7]: http://www.opengroup.org/onlinepubs/009695399/functions/strlen.html
[8]: http://www.opengroup.org/onlinepubs/009695399/functions/fopen.html
[9]: http://www.opengroup.org/onlinepubs/009695399/functions/fgetc.html
[10]: http://www.opengroup.org/onlinepubs/009695399/functions/fclose.html