How file holes in Linux actually work

I am a bit confused about how file holes work on Linux:

  int fd = open("/tmp/file1", O_RDWR | O_TRUNC);
  write(fd, "bbbb", 4);
  lseek(fd, SEEK_SET, 10000);
  write(fd, "aaaa", 4);
  lseek(fd, SEEK_SET, 50);
  write(fd, "cccc", 4);
  close(fd);

Why does cat /tmp/file1 produce

bbbbaaaacccc

? Shouldn't it be bbbcccaaa, because aaaa was written at offset 10000?

Update: lseek returns -1 with EINVAL.

Since "Are you sure that lseek is successful in all calls? You do not check its result code." helped to identify the problem, I suggest adding the following after your file system calls:

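  /* lseek returns off_t; an int could truncate large offsets */
  off_t res = lseek(fd, 10000, SEEK_SET);
  if (res == (off_t)-1) {
    perror("lseek has failed");  /* prints the errno reason, e.g. EINVAL */
    return 1;
  }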

Your problem is that you are using the parameters in the wrong order:

lseek(fd, SEEK_SET, 10000); /* WRONG order for second and third parameters! */

Correct order:

lseek(fd, 10000, SEEK_SET);

Here is man lseek:

off_t lseek(int fd, off_t offset, int whence);

The lseek() function repositions the file offset of the open file
description associated with the file descriptor fd to the argument
offset according to the directive whence as follows:

SEEK_SET
      The file offset is set to offset bytes.

SEEK_CUR
      The file offset is set to its current location plus offset bytes.

SEEK_END
      The file offset is set to the size of the file plus offset bytes.
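
Added example, not part of the original question or answer: the same three writes with every lseek() checked, plus the swapped call isolated so its failure is visible. On Linux SEEK_SET is 0, so the swapped call requests offset 0 with the invalid whence 10000, fails with EINVAL, and leaves the file offset where it was, which is why the unchecked version wrote bbbbaaaacccc back to back. The helper names and the demo path are constructed for illustration.

```c
/* Added example; helper names and the demo path are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Seek to an absolute offset, then write 4 bytes; 0 on success, -1 on error. */
static int write_at(int fd, off_t off, const char *s) {
    if (lseek(fd, off, SEEK_SET) == (off_t)-1) return -1;
    return write(fd, s, 4) == 4 ? 0 : -1;
}

/* The question's writes with offset and whence in order; returns file size or -1. */
off_t make_holey_file(const char *path) {
    off_t size = -1;
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd == -1) return -1;
    if (write(fd, "bbbb", 4) == 4 && write_at(fd, 10000, "aaaa") == 0 &&
        write_at(fd, 50, "cccc") == 0)
        size = lseek(fd, 0, SEEK_END);
    return close(fd) == -1 ? -1 : size;
}

/* Value of the byte at offset off, or -1 on error. */
int byte_at(const char *path, off_t off) {
    unsigned char c;
    int v = -1, fd = open(path, O_RDONLY);
    if (fd == -1) return -1;
    if (lseek(fd, off, SEEK_SET) != (off_t)-1 && read(fd, &c, 1) == 1) v = c;
    close(fd);
    return v;
}

/* The swapped call: offset SEEK_SET (0), whence 10000. Returns errno of the
 * failed lseek, 0 if it succeeded, -1 if the file could not be opened. */
int swapped_lseek_errno(const char *path) {
    int e = 0, fd = open(path, O_RDONLY);
    if (fd == -1) return -1;
    if (lseek(fd, SEEK_SET, 10000) == (off_t)-1) e = errno;
    close(fd);
    return e;
}

int main(void) {
    const char *p = "/tmp/file1_demo";  /* constructed demo path */
    printf("size=%lld\n", (long long)make_holey_file(p));
    printf("hole byte=%d, swapped lseek errno=%d\n", byte_at(p, 20), swapped_lseek_errno(p));
    return 0;
}
```

Bytes inside the hole (for example offset 20) read back as zero, and the file size is 10004 even though only 12 bytes were written.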