Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [CPROG] Bug or thinking mistake ??



On Wed, 10 Mar 1999, Joachim Holst wrote:
[...]

> Since I am using gets(), which produces a warning about being unsafe,

With good reason!!!! gets() should not be used _AT ALL_ and should no
longer exist in the standard library!!! Using gets() is inviting
problems in, if not now then certainly later.

> I thought I would check whether the entered string is longer
> than what I have room for.

Ah, no can do: once gets() has been in action it is too late.

> If it is, I figured one could set a NULL character manually
> and in that way avoid a buffer overflow.

The problem is just that the damage is done as soon as your program moves
outside the 41 bytes that are set aside for the original buffer. Inserting
a '\0' does not solve the problem. It is like fitting a better lock on the
door after you have been burgled: you do not get your stolen things back,
but you may perhaps prevent new burglaries.

By the way, be careful about mixing NULL into this; it denotes the value
(most often == '\0') of a non-initialised pointer.

All in all: don't use gets()!

/Bjørn

PS. The name's main - int main()

---
"Have you ever noticed that there are plenty of C books with suggestive
names like "C Traps and Pitfalls", or "The C Puzzle Book", but other
programming languages don't have books like that?" - Peter van der Linden
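
The point made in the reply above, that the length has to be enforced while reading rather than checked afterwards, shown as an added example that is not part of the original message. The names `read_line`, `line_status` and `NAME_MAX_LEN` are hypothetical, and the 41-byte buffer is assumed to mean 40 characters plus the terminating '\0'.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 40   /* assumed: 40 characters + '\0' = the 41 bytes in the post */

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/*
 * Read one line from `in` into buf (size bytes, terminator included).
 * fgets() is given the buffer size, so it never writes past buf: the
 * bound is applied during the read, not after it as with gets().
 * An over-long line is reported and its remainder discarded, so the
 * next call starts cleanly at the following line.
 */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;

    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {          /* the whole line fitted */
        buf[len] = '\0';
        return LINE_OK;
    }

    /* No newline stored: input ended here, or the line filled the buffer. */
    int c = getc(in);
    if (c == EOF || c == '\n')       /* last line, or exactly size-1 characters */
        return LINE_OK;
    while (c != '\n' && c != EOF)    /* drain the part that did not fit */
        c = getc(in);
    return LINE_TOO_LONG;
}

int main(void)
{
    char name[NAME_MAX_LEN + 1];
    enum line_status st;

    while ((st = read_line(stdin, name, sizeof name)) != LINE_EOF) {
        if (st == LINE_TOO_LONG)
            fprintf(stderr, "input longer than %d characters, rejected\n",
                    NAME_MAX_LEN);
        else
            printf("read: \"%s\"\n", name);
    }
    return 0;
}
```

Rejecting the over-long line, instead of silently using the truncated prefix, is a choice made for this example; the buffer stays within bounds either way.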





 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 20:07 CEST