Newfags can't figure out why this code is dangerous

Newfags can't figure out why this code is dangerous

Attached: 450eab9d.png (454x251, 7K)

user doesnt input 16 characters you get a problem

Space?

Let him do this how homework, faggots.

It's not dangerous if you use a modern compiler

i only yook 1 programming class in community college wanted to test my knowledge

you're using the wrong language

If you input 17 characters you will go gay.

nscanf

What's a "Mr."? Did you mean -san?

I don’t see how it’s “dangerous”, but I can see that it just doesn’t work for those with long names.

Absolute brainlet here, don't know anything about C.

I assume the problem comes from the 16 char limit to the char array, and also the final element must be a null char. So effectively, you can only enter a name with 15 characters before it goes bonkers.

You're right, user.

You're assuming the user's gender?

kek

Why does C do this?
In other languages, you don't have to set a limit of chars for a string. It's one of the things that's always confused me about C (albeit I haven't done that much with it yet)
lol

That's because C doesn't really have a string data type, only arrays of characters.

You can dynamically allocate the memory for the string, allowing it to have an arbitrary size

it's dangerous because it's a shit language and CS is a shit major that losers get

Use a rapid development language and make actual useful applications

I hope you have $100K USD college loan debt you piece of human filfth

Scanf writes whatever you enter that matches the type specified in the formatter to the pointer, it's not supposed to input validation for you

Buffer overflow after 16 chars

There did your homework.

>t. Rust programmer
pic related, it's u

Attached: 1527932065477.jpg (306x391, 21K)

16 char string with no variable

I read the cow book a long time ago when I first started programming and they had some roundabout way of getting input and I think I learned why they did it that way but I forgot by now. my gpa is like 2. I started getting really good at technology early in high school but then steeply declined. now I can't do anything. before I got into tech I could draw pretty well, now I cant do that anymore

That's considerd dangerous, you don't want your system to catch the big gay just because some Mexican with 57 middle names decides to put em all in

>I don’t see how it’s “dangerous”
It is a potential buffer overflow. In this case, the buffer is allocated on the stack, meaning that an overflow could overwrite the return address from main and jump to anywhere in memory instead of returning out to the loader for a normal process exit.

in english, doc

>newfags can't figure out why code is dangerous
Problematic part is second print statement. It assumes users gender.

Most modern compilers include stack cookies
If he isn't able to get past those via an info leak or some shit, there's other things you can target, I.e. if there is a function pointer on the stack for some reason you could modify that and control RIP that eay

>string
Care to elaborate? I don't see the string in OP program.

Someone can exploit a buffer overflow and inject random memory addresses and even code into your process.

is that opal hahaha

I don't really use C ever and someone already told me that there are no strings only arrays of characters
bit too late to be a smart ass, my man

this is the only answer google was looking for, you're hired

I've never heard of a stack cookie before. Is that a well-established term?

Anyway, looking at my version of GCC's output, it doesn't do anything like that, but with techniques like NX and ASLR it is quite hard to predict memory locations.

I think they're referred to as stack canaries on the linux side, they're relatively common
NX was made to allow more refined page permissions, before you could just throw executable code on your stack and return to it, now you've gotta allocate it and change the page permissions, which is a big more complicated

Attached: FTGbjTa[1].png (540x810, 37K)

>I think they're referred to as stack canaries on the linux side, they're relatively common
Ah, thanks. Yeah, I've heard this term, but I'll admit that this isn't my strongest game.

>NX was made to allow more refined page permissions, before you could just throw executable code on your stack and return to it
Exactly. Could just do a NOP slide and run arbitrary code.

Thanks user, I have something interesting to learn on my day off :)

How can one confuse
> char name [16]
with string is beyond me.

>67435713 (You)

(you)

flare-on's ctf is going on right now if you want to dive into reversing, the first few challs are pretty easy

why is it such a tedium to work with strings in c/c++? In Python it's much easier

thanks op just came on cat he overflowed at me

ida poster on g this is rare

because it's made with only wh*te m*n in mind.
>16 characters only
>Mr.

>*sips*
>Yup, now C - that was a real language. Three ways of working with strings and none of them memory safe! They don't make 'em like they used to.

because it's c and unless it's some place where you just can't use anything else you should never use it for stuff where security and stability is critical

Patel, Nguyen, Petrov, Ncube, Pai

I love C

because C is the simplest of all low-level compiled languages

>Why does C do this?
Because it's a stack allocation. You don't want dynamic allocation on the stack, that's retarded and very ugly.

>In other languages, you don't have to set a limit of chars for a string.
You can call malloc and dynamically allocate/reallocate as much memory as you need, roughly equivalent to new keywords.

One thing got me confused here. Why the fuck would you limit the amount of characters the user can input as his name?

It's always better to use an address that isn't gender-neutral.

The retarded C language makes you do it. This is why I gave up learning C. Too gombligated for me.

you can always become a tranny if you aren't good at anything

Only C does this.

You have to look at what C really is, namely a portable assembly. It was a break-through in times where most people just programmed assembly, but these days it isn't considered especially high-level. However, modern languages need to take the exact the same limitations to consideration under the hood, but they hide this away from the programmer through abstractions.

Writing correct C code is a tedious and slow process, but it is necessary where you need to do low-level interactions with kernel or even hardware, or in the cases you need a finer-grained control over memory allocations and memory accesses.

You're quite a CHARacter hahahahahah ha haha hahahah

Because not limiting the number of characters would be much more verbose and harder to write without relying on things outside the language / standard library specification.
Yes, writing faulty code in C is easier than doing it right.
Don't forget, this is a language made for hardware weaker than some microcontrollers, thrown together quickly by a bunch of OS hackers, from an era of language design that still had a giant swath of "here be dragons" on its maps between safety, efficiency and expressiveness.

this is how the jews get free stuff.

I said, ENGLISH

program goes booboo

ah, got it, thanks

>low-level
kek

Every language does this...

#include
#include

int
main(void)
{
char *name;
printf("Please enter your name: ");
scanf("%ms", &name);
printf("Hello, Mr. %s!\n", name);
free(name);
return EXIT_SUCCESS;
}

>Printf
not using cout instead

>babby's programming 101

without reading anything I can say that it will be because of the memory allocation - if i input name AAAABBBBCCCCDDDDE, you will be in problem because E will write into the memory of the program. Either you have a mistake, or you have a possibility for malicious activity.

nice

This is a very simplified view of programs in RAM. They're all lined-up sequentially (not really, but we're simplifying)

-------------
[program 1]
[instructions]
[program built-in data]
[buffer]

so wrong, but so funny.

>gnu style
Eww, nigga.

He said in english. The program will execute the first 16 characters as intended and the next characters after them will be put in memory and executed without it being intended. In other words: 123456789123456 will be name and "sudo rm -rf /*" will be the command to be maliciously executed. All of this will be in the string.

Honestly user, I commend you for your effort, but you're wasting your time. If the /v/ monkey can't understand what you're saying after you rephrase it three times, he's not gonna understand this either.

>be array
>don't know how large you are
just C things

Repost

Arrays know how large they are. However, you're not passing an array to scanf, you're passing a pointer to the first element. A pointer doesn't know that it is pointing to an array or something else.

>there are no arrays, just pointers into magical memory land

shits overflowin yo

There are arrays though.

int main()
{
char array[32];
char* ptr = array;
printf("%zu %zu\n", sizeof(array), sizeof(ptr)); // prints 32 and 8
return 0;
}

It doesn't word-filter toxic words.

Fixed your code for you.

Attached: 87238495789347589.png (1860x867, 256K)

>explicit return
Arrays != pointers.

so much cancer......

>Arrays != pointers.
Duh, that's my fucking point.... It's like you didn't even read before posting, like some autistic sperg.

This is a recurring bait meme thread, not homework

>However, you're not passing an array to scanf, you're passing a pointer to the first element. A pointer doesn't know that it is pointing to an array or something else.
>Doesn't know that C99 and C11 doesn't require an explicit return
I did read. Did you read your own post?

we had this thread like a month ago...

I'm not sure you're using the correct terminology there, kiddo.

What did he mean by this?

>Ceci n'est pas un array

Start with a simple input collection and 20 years later the jews have all the info they need about you. C must be eliminated, wake up sheeple

wouldnt be dangers if you didnt use a fucking meme language you fat incels

>be pointer
>dont point to anything
>but actually do point to something in the infinite void known as """""""""memory""""""""""

Imagine being this stupid.

undefined behaviour. It could possibly crash, but its most likely that nothing bad happens

found the fat incel

how about you malloc some fucking good languages to your brain HAHAHAHAHAHAHAHAHAHAH

your code is assuming my gender

Attached: 1534364746502.png (600x563, 80K)

Imagine unironically being this stupid.