is this program safe from buffer overflow problems

  1. #1
    postrook

    Code:
    #include <stdio.h>
    #include <string.h>
    
    int main() {
        char t;
        char a[3];
        char b='z';
        int n=0;
        while(scanf("%c",&t) && n < 2) {
            a[n] = t;
            n++;
            a[n]='\0';
        }
        printf("%s , %c",a, b);
        return 0;
    }
    to test it, i copypasted 4194304 'a' characters onto the command line.

    output was:

    aa , z


    does that mean this is a safe method of getting user input? anything else i should be aware of?

  2. #2
    Z0MBiE

    seems fine to me, although it's been years and years since I tried this stuff. could be something I'm forgetting.

    Quote:
    anything else i should be aware of?

    as much as I hate to admit it, using C++ is safer.

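Added example (not code from either poster): the posted loop next to a bounded variant, run over constructed inputs. The posted loop never writes past `a[2]`, but `scanf` returns `EOF` (-1, which is nonzero) at end of input, so short input gets padded with stale data, and the loop consumes one character more than it stores. The function names, the `'?'` starting value for `t` and the `tmpfile()` harness are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The thread's loop on a stream. t starts as '?' here (the original leaves
   it uninitialised) so that what happens at end of input is visible. */
static void read_as_posted(FILE *in, char a[3]) {
    char t = '?';
    int n = 0;
    while (fscanf(in, "%c", &t) && n < 2) { /* EOF is -1, so still "true" */
        a[n] = t;
        n++;
        a[n] = '\0';
    }
}

/* Hardened: check the bound before reading, accept only a return of 1. */
static size_t read_bounded(FILE *in, char *dst, size_t cap) {
    size_t n = 0;
    char t;
    if (cap == 0) return 0;
    dst[0] = '\0';
    while (n + 1 < cap && fscanf(in, "%c", &t) == 1) {
        dst[n++] = t;
        dst[n] = '\0';
    }
    return n;
}

/* Helper: returns the next unread byte (or EOF), or -2 if tmpfile() fails. */
static int run(const char *input, int hardened, char out[3]) {
    FILE *f = tmpfile();
    if (!f) return -2;
    fputs(input, f);
    rewind(f);
    if (hardened) read_bounded(f, out, 3); else read_as_posted(f, out);
    int next = fgetc(f);
    fclose(f);
    return next;
}

int main(void) {
    const char *inputs[] = { "aaaaaaaa", "abcd", "x", "" }; /* constructed */
    for (size_t i = 0; i < 4; i++) {
        char p[3], h[3];
        run(inputs[i], 0, p); run(inputs[i], 1, h);
        printf("\"%s\": posted \"%s\", bounded \"%s\"\n", inputs[i], p, h);
    }
    return 0;
}
```

Both versions stay inside the 3-byte buffer; they differ only on short or empty input and in how much of the stream they consume.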
