cross-posted from: https://lemm.ee/post/4890334

cross-posted from: https://lemm.ee/post/4890282

let’s say I have this code

` #include #include char name[50]; int main(){ fgets(name,50,stdin); name[strcspn(name, “\n”)] = ‘\0’; printf(“hi %s”, name); }

` and I decide my name is “ewroiugheqripougheqpiurghperiugheqrpiughqerpuigheqrpiugherpiugheqrpiughqerpioghqe4r”, my program will throw some unexpected behavior. How would I mitigate this?

  • mo_ztt ✅@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago
    1. In almost all cases you want to be using some encapsulated string class (glib string, C++ string, something like that). The reason is that your question honestly doesn’t really have a good answer. I.e., if you’re storing the name in a statically-allocated char buffer, someone has a name that’s more than 50 characters, you’re screwed. “Screwed” can include all kinds of things up to and include crashing your program or introducing a way for people to enter a malicious name and take over your program.
    2. If you’re really set on doing this, e.g. you just want to do this learn about C memory management, then probably what you want is a dynamic buffer. Find out the length of the name before you allocate the place for it, use malloc() to get a buffer of the size you actually need, and put the string there. It’s highly unusual that in a modern application, doing this type of thing yourself is worth the effort and risk it creates though.