Hi, Dear All

When I used function fwrite, I encountered the following message:

Bad address

Here's my C source:

#include <string.h>
#include <stdio.h>

#define BUFFSIZE 1024

int
main (void)
{
FILE *fp;
size_t n;
char data[BUFFSIZE];

if ((fp = fopen ("abc.txt", "w")) == NULL)
perror ("can not open abc.txt");

memset (&data[0], 0, sizeof (data));

if ((n = fwrite (&data[0], sizeof (data), 4, fp)) != 4)
perror ("fwrite error");

exit (0);

if I modify the fwrite statement as follow:

if ((n = fwrite (&data[0], sizeof (data), 1, fp)) != 1)

No error message and file "abc.txt" was written correctly.  So
fwrite can not work with array?

Thanks in advance.

best regards,
Dai Yuwen
--

[-]
perror() does not cause the application to exit, say you're
going to continue even where "abc.txt" could not be opened.
[-]
[-]
Wrong. See the fwrite(3c) as this means "write four times
the size of data (BUFFSIZE) from the buffer which starts
at address "&data[0]". Say after BUFFSIZE bytes fwrite()
tries to access "whatever" memory.

[-]

[-]
See before - one time the size of data is fine of course, as
would be ...
fwrite( data, 1, sizeof(data) != sizeof(data) )
... say "write one byte sizeof(data) times".

Cheers,
Juergen

--
\ Real name     : Juergen Heinzl       \       no flames      /

--

Try indenting your source, and not with tabs.  When in doubt, read
the documentation.  The C standard (N869) says:

7.19.8.2  The fwrite function

Synopsis

[#1]
        #include <stdio.h>
        size_t fwrite(const void * restrict ptr,
                size_t size, size_t nmemb,
                FILE * restrict stream);

Description

[#2] The fwrite function writes, from the array  pointed  to
by  ptr,  up  to  nmemb  elements whose size is specified by
size, to the stream pointed to by stream.  The file position
indicator  for  the  stream  (if defined) is advanced by the
number of characters  successfully  written.   If  an  error
occurs,  the  resulting value of the file position indicator
for the stream is indeterminate.

Returns

[#3] The fwrite function  returns  the  number  of  elements
successfully  written, which will be less than nmemb only if
a write error is encountered.

..............

Now think about what you asked fwrite to do in both those
statements, and where it is supposed to get the data to write.
You might also think about the 'type' of the entity 'data', and
thus the meaning of "sizeof data".

--

   Available for consulting/temporary embedded and systems.
   (Remove "XXXX" from reply address. yahoo works unmodified)

--

Sure it can, but you told it to write 4 times as much data
as the size of the whole array.
--

Here is your problem ----------------------^^^^
data is an array of BUFFSIZE bytes
sizeof data is BUFFSIZE -- sizeof (char) is by definition 1
you are asking fwrite() to write to the file fp 4 * BUFFSIZE bytes
from the buffer data.
However data[] is only defined from 0 to BUFFSIZE-1
reading beyond BUFFSIZE -1 is reading from memory space that
does not belong to your buffer.

if ((n = fwrite (data, sizeof (data), 1, fp)) != 1)
you could also

if ((n = fwrite (data,1, sizeof data,fp)) !=sizeof data)

return 0; /* since you promised to return an int */
Of course you can write out an array. You just should not
read from beyond the end of your buffer!

Roger...
--

Your original code causes a buffer overflow.  data is an array of
BUFFSIZE characters.  Therefore sizeof(data) is equal to BUFFSIZE.
Your fwrite statement says to start at the first character of data and
to write 4*BUFFSIZE bytes to the file.  data does not have that many
bytes.  When you get to the end of data, you attempt to access memory
which does not belong to you (or at least not to data).  That is
indeed a bad address.

<<Remove the del for email>>
--

This is seriously wrong. The second argument of fwrite is supposed to
be the size of one *element* of the array pointed to by the first
argument, not the size of the array as a whole.  Make that

        fwrite (data, sizeof(data[0]), 4, fp)

and you'll be on solid ground.  Note that data is the same as
&data[0], because the latter expands to &(*(data + 0)), and the &(*())
sequence of operators is a no-op, if applied to a valid pointer.

This is a bit fishy, too, but still better than your other try.  Here,
you should have written

        fwrite(&data, sizeof(data), 1, fp)

to more clearly incidate that this call is writing 1 copy of the whole
array 'data', not just some of its elements.

It can --- if you call it correctly.
--

Even if all the snow were burnt, ashes would remain.
--

[...]

You have just told fwrite() to write out 4 times the number of bytes
as are in the data[] array.  This is undefined behavior.  (Where did
you get the "4" from?)

[...]

That is correct.  You are now writing exactly the number of bytes as
are in the data[] array.

--

+---------+----------------------------------+-----------------------------+
| Kenneth |     kenbrody at spamcop.net      | "The opinions expressed     |
|    J.   |                                  |  herein are not necessarily |
|  Brody  |    http://www.hvcomputer.com     |  those of fP Technologies." |
+---------+----------------------------------+-----------------------------+
GCS (ver 3.12) d- s+++: a C++$(+++) ULAVHSC^++++$ P+>+++ L+(++) E-(---)

    DI+(++++) D---() G e* h---- r+++ y?
--