Newfags can't figure out why this code is dangerous
user doesn't input 16 characters you get a problem
Space?
Let him do this how homework, faggots.
It's not dangerous if you use a modern compiler
i only took 1 programming class in community college wanted to test my knowledge
you're using the wrong language
If you input 17 characters you will go gay.
nscanf
What's a "Mr."? Did you mean -san?
I don’t see how it’s “dangerous”, but I can see that it just doesn’t work for those with long names.
Absolute brainlet here, don't know anything about C.
I assume the problem comes from the 16 char limit to the char array, and also the final element must be a null char. So effectively, you can only enter a name with 15 characters before it goes bonkers.
You're right, user.
You're assuming the user's gender?
kek
Why does C do this?
In other languages, you don't have to set a limit of chars for a string. It's one of the things that's always confused me about C (albeit I haven't done that much with it yet)
lol
That's because C doesn't really have a string data type, only arrays of characters.
You can dynamically allocate the memory for the string, allowing it to have an arbitrary size
it's dangerous because it's a shit language and CS is a shit major that losers get
Use a rapid development language and make actual useful applications
I hope you have $100K USD college loan debt you piece of human filfth
Scanf writes whatever you enter that matches the type specified in the formatter to the pointer, it's not supposed to do input validation for you
Buffer overflow after 16 chars
There did your homework.
>t. Rust programmer
pic related, it's u
16 char string with no variable
I read the cow book a long time ago when I first started programming and they had some roundabout way of getting input and I think I learned why they did it that way but I forgot by now. my gpa is like 2. I started getting really good at technology early in high school but then steeply declined. now I can't do anything. before I got into tech I could draw pretty well, now I cant do that anymore
That's considerd dangerous, you don't want your system to catch the big gay just because some Mexican with 57 middle names decides to put em all in
>I don’t see how it’s “dangerous”
It is a potential buffer overflow. In this case, the buffer is allocated on the stack, meaning that an overflow could overwrite the return address from main and jump to anywhere in memory instead of returning out to the loader for a normal process exit.
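A bounded replacement for the read that overflows, as an added example that is not part of the thread. It assumes the OP's program (not reproduced on the page) was `char name[16]` filled by an unbounded `scanf("%s", name)`, as the replies describe; `read_name`, `read_name_from` and `NAME_SIZE` are names made up for this example.

```c
/* Added example, not code from the thread. Assumes the OP's program was
   `char name[16]; scanf("%s", name);`, as the replies describe it. */
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() in the helper below */
#include <stdio.h>
#include <string.h>

enum { NAME_SIZE = 16 };          /* 15 characters plus the terminating NUL */

/* Read one line into buf without ever writing more than size bytes.
   Returns 0 if it fit, 1 if it was cut short, -1 on EOF or read error. */
int read_name(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {       /* newline stored: the whole line fit */
        buf[len] = '\0';
        return 0;
    }
    /* No newline stored: drain the rest of the line so it is not read later. */
    int c, truncated = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Hypothetical helper: run read_name() on a constructed input string. */
int read_name_from(const char *input, char *buf, size_t size)
{
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL)
        return -1;
    int rc = read_name(in, buf, size);
    fclose(in);
    return rc;
}

int main(void)
{
    char name[NAME_SIZE];
    printf("Please enter your name: ");
    int rc = read_name(stdin, name, sizeof name);
    if (rc < 0)
        return 1;
    if (rc == 1)
        fprintf(stderr, "Input truncated to %d characters.\n", NAME_SIZE - 1);
    printf("Hello, Mr. %s!\n", name);
    return 0;
}
```

The size is passed alongside the pointer because the callee cannot recover it from the pointer alone; the 17-character input from the thread is stored as its first 15 characters and the rest of the line is discarded.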
in english, doc
>newfags can't figure out why code is dangerous
Problematic part is second print statement. It assumes user's gender.
Most modern compilers include stack cookies
If he isn't able to get past those via an info leak or some shit, there's other things you can target, i.e. if there is a function pointer on the stack for some reason you could modify that and control RIP that way
>string
Care to elaborate? I don't see the string in OP program.
Someone can exploit a buffer overflow and inject random memory addresses and even code into your process.
is that opal hahaha
I don't really use C ever and someone already told me that there are no strings only arrays of characters
bit too late to be a smart ass, my man
this is the only answer google was looking for, you're hired
I've never heard of a stack cookie before. Is that a well-established term?
Anyway, looking at my version of GCC's output, it doesn't do anything like that, but with techniques like NX and ASLR it is quite hard to predict memory locations.
I think they're referred to as stack canaries on the linux side, they're relatively common
NX was made to allow more refined page permissions, before you could just throw executable code on your stack and return to it, now you've gotta allocate it and change the page permissions, which is a bit more complicated
>I think they're referred to as stack canaries on the linux side, they're relatively common
Ah, thanks. Yeah, I've heard this term, but I'll admit that this isn't my strongest game.
>NX was made to allow more refined page permissions, before you could just throw executable code on your stack and return to it
Exactly. Could just do a NOP slide and run arbitrary code.
Thanks user, I have something interesting to learn on my day off :)
How can one confuse
> char name [16]
with string is beyond me.
>67435713 (You)
(you)
flare-on's ctf is going on right now if you want to dive into reversing, the first few challs are pretty easy
why is it such a tedium to work with strings in c/c++? In Python it's much easier
thanks op just came on cat he overflowed at me
ida poster on g this is rare
because it's made with only wh*te m*n in mind.
>16 characters only
>Mr.
>*sips*
>Yup, now C - that was a real language. Three ways of working with strings and none of them memory safe! They don't make 'em like they used to.
because it's c and unless it's some place where you just can't use anything else you should never use it for stuff where security and stability is critical
Patel, Nguyen, Petrov, Ncube, Pai
I love C
because C is the simplest of all low-level compiled languages
>Why does C do this?
Because it's a stack allocation. You don't want dynamic allocation on the stack, that's retarded and very ugly.
>In other languages, you don't have to set a limit of chars for a string.
You can call malloc and dynamically allocate/reallocate as much memory as you need, roughly equivalent to new keywords.
One thing got me confused here. Why the fuck would you limit the amount of characters the user can input as his name?
It's always better to use an address that isn't gender-neutral.
The retarded C language makes you do it. This is why I gave up learning C. Too gombligated for me.
you can always become a tranny if you aren't good at anything
Only C does this.
You have to look at what C really is, namely a portable assembly. It was a breakthrough in times where most people just programmed assembly, but these days it isn't considered especially high-level. However, modern languages need to take the exact same limitations into consideration under the hood, but they hide this away from the programmer through abstractions.
Writing correct C code is a tedious and slow process, but it is necessary where you need to do low-level interactions with kernel or even hardware, or in the cases you need a finer-grained control over memory allocations and memory accesses.
You're quite a CHARacter hahahahahah ha haha hahahah
Because not limiting the number of characters would be much more verbose and harder to write without relying on things outside the language / standard library specification.
Yes, writing faulty code in C is easier than doing it right.
Don't forget, this is a language made for hardware weaker than some microcontrollers, thrown together quickly by a bunch of OS hackers, from an era of language design that still had a giant swath of "here be dragons" on its maps between safety, efficiency and expressiveness.
this is how the jews get free stuff.
I said, ENGLISH
program goes booboo
ah, got it, thanks
>low-level
kek
Every language does this...
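#include <stdio.h>
#include <stdlib.h>
int
main(void)
{
    char *name = NULL;
    printf("Please enter your name: ");
    /* %ms (POSIX.1-2008, glibc): scanf allocates a buffer large enough for the input */
    if (scanf("%ms", &name) != 1)
        return EXIT_FAILURE;
    printf("Hello, Mr. %s!\n", name);
    free(name);
    return EXIT_SUCCESS;
}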
>Printf
not using cout instead
>babby's programming 101
without reading anything I can say that it will be because of the memory allocation - if I input the name AAAABBBBCCCCDDDDE, you will have a problem because E will write into the memory of the program. Either you have a mistake, or you have a possibility for malicious activity.
nice
This is a very simplified view of programs in RAM. They're all lined-up sequentially (not really, but we're simplifying)
-------------
[program 1]
[instructions]
[program built-in data]
[buffer]
so wrong, but so funny.
>gnu style
Eww, nigga.
He said in english. The program will execute the first 16 characters as intended and the next characters after them will be put in memory and executed without it being intended. In other words: 123456789123456 will be name and "sudo rm -rf /*" will be the command to be maliciously executed. All of this will be in the string.
Honestly user, I commend you for your effort, but you're wasting your time. If the /v/ monkey can't understand what you're saying after you rephrase it three times, he's not gonna understand this either.
>be array
>don't know how large you are
just C things
Repost
Arrays know how large they are. However, you're not passing an array to scanf, you're passing a pointer to the first element. A pointer doesn't know that it is pointing to an array or something else.
>there are no arrays, just pointers into magical memory land
shits overflowin yo
There are arrays though.
#include <stdio.h>
int main()
{
    char array[32];
    char* ptr = array;
    printf("%zu %zu\n", sizeof(array), sizeof(ptr)); // prints 32 and 8
    return 0;
}
It doesn't word-filter toxic words.
Fixed your code for you.
>explicit return
Arrays != pointers.
so much cancer......
>Arrays != pointers.
Duh, that's my fucking point.... It's like you didn't even read before posting, like some autistic sperg.
This is a recurring bait meme thread, not homework
>However, you're not passing an array to scanf, you're passing a pointer to the first element. A pointer doesn't know that it is pointing to an array or something else.
>Doesn't know that C99 and C11 don't require an explicit return
I did read. Did you read your own post?
we had this thread like a month ago...
I'm not sure you're using the correct terminology there, kiddo.
What did he mean by this?
>Ceci n'est pas un array
Start with a simple input collection and 20 years later the jews have all the info they need about you. C must be eliminated, wake up sheeple
wouldnt be dangers if you didnt use a fucking meme language you fat incels
>be pointer
>dont point to anything
>but actually do point to something in the infinite void known as """""""""memory""""""""""
Imagine being this stupid.
undefined behaviour. It could possibly crash, but it's most likely that nothing bad happens
found the fat incel
how about you malloc some fucking good languages to your brain HAHAHAHAHAHAHAHAHAHAH
your code is assuming my gender
Imagine unironically being this stupid.