问题描述

要从文件中读取行，请使用getline()和fgets() POSIX函数(忽略可怕的gets()).通常，getline()比fgets()更可取，因为它会根据需要分配行缓冲区.

To read lines from a file there are the getline() and fgets() POSIX functions (ignoring the dreaded gets()). It is common sense that getline() is preferred over fgets() because it allocates the line buffer as needed.

我的问题是:那不是很危险吗?如果某人出于偶然或出于恶意目的创建了一个100GB的文件而没有'\n'字节怎么办–不会使我的getline()调用分配大量的内存吗?

My question is: Isn’t that dangerous? What if by accident or malicious intent someone creates a 100GB file with no '\n' byte in it – won’t that make my getline() call allocate an insane amount of memory?

推荐答案

是的，您所描述的是一个合理的风险.但是，

Yes, what you describe is a plausible risk. However,

• 如果程序需要立即将整行加载到内存中，那么允许getline()尝试执行此操作本质上不会比编写自己的代码来使用fgets()冒更大的风险；和
• 如果您的程序具有这样的漏洞，则可以通过使用setrlimit()限制它可以保留的(虚拟)内存总量来减轻风险.这可能导致失败，而不是成功分配足够的内存来干扰系统的其余部分.

• if the program requires loading an entire line into memory at once, then allowing getline() to attempt to do that is not inherently more risky than writing your own code to do it with fgets(); and
• if you have a program that has such a vulnerability, then you can mitigate the risk by using setrlimit() to limit the total amount of (virtual) memory it can reserve. This can be used to cause it to fail instead of successfully allocating enough memory to interfere with the rest of the system.

我认为最好的总体做法是首先编写不需要以全行(一次)输入的代码，但是这种方法有其自身的复杂性.

Best overall, I'd argue, is to write code that does not require input in units of full lines (all at once) in the first place, but such an approach has its own complexities.

这篇关于getline()与fgets():控制内存分配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！