2012年5月8日 星期二

Concern about _itoa()

char *c1;
int lens = 8;
c1 = (char *)malloc( lens * sizeof(char) );

for ( int i = 0; i < lens; i++ )
{
    _itoa( i, &c1[i], 10 );
}

free( c1 );

Above things perhaps  is right. Howerver, it will crash at free( c1 ). It says there is a heap overflow problem. Because _itoa at the same time set ASCII at index item and set the index+1 item to '\0', it will access the c1[lens] item....Therefore, that occurs crash.

沒有留言:

張貼留言