Newfags can't figure out why this code is dangerous

Anime girl that holds a sign that says "We have this thread every day".jpeg

it's dangerous because it's C

It's not written in glorious JavaScript 30MB 150th best framework that's objectively better than its 149 predecessors

C only has one framework (C++) and it's shit

It's not Java

Assuming user's gender...

>babby's first vulnerability
How's that "C Tutorial - part 3" going user?

shit tier rigid code assumes gender
programming language isn't even your problem here fag

not dangerous on my machine

Scanf sounds dangerous.
Don't scan my computer. D:

Oh look, it's this thread again

Because if I input Jessica it says Mr. Jessica?

wow a buffer overflow, amazing

>newfag learns about buffer overflow and thinks he's smart

It's dangerous because
1) Potential buffer overflow
2) It's assuming the user's gender

>1) Potential buffer overflow
Dangerously Bad
>2) It's assuming the user's gender
Dangerously Good

this

>look mom i just finished first week of cs

Oh is that what your intro to cs class did today

Newfag solves a babby's first CTF challenge and brags on Jow Forums

Wow congrats dude

>hurr durr buffer overflow
>am hackorz men

Nobody will want to run this specific software, thus it is not dangerous.

There's no filter built in, so somebody could type in hate speech and have your computer screen say "Hello Mr. N*****r" for example

are you in my information systems class?

I only know python, what is this alien language?

Newnewfag can't understand why that code is dangerous.
Newfag can't understand why that code is practically not really dangerous in modern operating systems

Ok so it's dangerous because of buffer overflow, but how do you fix it?

>scanf ("%s", name);
The scanf function with a %s argument and no modifier setting a maximum field width is functionally equivalent to the gets() function, and will result in a buffer overflow. You'll want something like %15s
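Added example, not code from the thread: the three ways of fixing the %s read that get mentioned in the replies (a field width, fgets with an explicit size, and a growing buffer for lines of any length), side by side with the original unbounded form. It assumes the OP's name[] is 16 bytes (hence %15s, leaving one byte for the NUL) and feeds constructed input through a temp file in place of stdin so it runs offline; stream_from(), NAME_LEN and the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 16   /* assumed size of the OP's name[]; %15s leaves room for the NUL */

/* Stand-in for stdin: constructed input goes into a temp file we can rewind. */
FILE *stream_from(const char *text) {
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

/* The OP's pattern. scanf has no way to learn sizeof(name), so a token
 * longer than 15 chars writes past the end of the array. Shown, not called. */
void read_name_unbounded(FILE *in, char name[NAME_LEN]) {
    if (fscanf(in, "%s", name) != 1) name[0] = '\0';
}

/* Fix 1: a field width. At most 15 chars are stored, then the NUL.
 * Whatever follows the first whitespace-delimited token stays unread. */
int read_name_bounded(FILE *in, char name[NAME_LEN]) {
    return fscanf(in, "%15s", name) == 1;
}

/* Fix 2: fgets takes the buffer size explicitly and keeps spaces.
 * A line longer than size-1 is cut; the remainder stays in the stream. */
int read_line_fixed(FILE *in, char *buf, size_t size) {
    if (fgets(buf, (int)size, in) == NULL) return 0;
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

/* Fix 3: a line of arbitrary length. The buffer grows as bytes arrive, so
 * the input length never matters. Line editing in the terminal still works
 * because the terminal hands over the finished line; we only have to hold it.
 * Caller frees the result; NULL on EOF before any input or on allocation failure. */
char *read_line_dynamic(FILE *in) {
    size_t cap = 32, len = 0;
    char *buf = malloc(cap);
    if (buf == NULL) return NULL;
    int c;
    while ((c = getc(in)) != EOF && c != '\n') {
        if (len + 1 >= cap) {
            if (cap > SIZE_MAX / 2) { free(buf); return NULL; }
            char *grown = realloc(buf, cap * 2);
            if (grown == NULL) { free(buf); return NULL; }
            buf = grown;
            cap *= 2;
        }
        buf[len++] = (char)c;
    }
    if (len == 0 && c == EOF) { free(buf); return NULL; }
    buf[len] = '\0';
    return buf;
}

int main(void) {
    char name[NAME_LEN];
    FILE *in = stream_from("JessicaJessicaJessica Smith\n");   /* constructed input */
    if (in && read_name_bounded(in, name)) printf("Hello Mr. %s\n", name);
    if (in) fclose(in);

    /* the "name" one reply pasted into the thread, as constructed input */
    in = stream_from("Hello Mr. asdfasdf#%*'username=user`%$#--password=hunter2\n");
    char *line = in ? read_line_dynamic(in) : NULL;
    if (line) printf("Read %zu bytes: %s\n", strlen(line), line);
    free(line);
    if (in) fclose(in);
    return 0;
}
```

The width in the format string has to be sizeof(name) - 1, not sizeof(name): scanf stores up to that many characters and then appends the terminator itself. The fgets and growing-buffer versions also keep spaces, so "Jessica Smith" comes back whole instead of being cut at the first blank.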

>2018
>using scanf
It's your fault for being retarded.

Only way to prevent it is to increase the buffer size of name to something big enough that an overflow would be unlikely.

Name[100000]
Malloc sizeof name

OP is a faggot

Because it's not. On any proper OS it's gonna have its own memory space and will at worst overwrite some zeroes and exit before anything dangerous can happen.

Not doing your homework for you, retard.

>the absolute state of Jow Forums

it won't cause any trouble because all modern compilers will add some stack protection by default

The compiler will write the warning right there, you know. Honest question, how do I read arbitrary length strings in C while preserving the ability to re-type the stuff you wrote in the command line (to correct an error in the line, for example)?

It's the language Python relies on to be usable in something besides light scripting.

int average=(a+b)/2;
Newfags can't figure out why this code is dangerous

>Mr.

It's dangerous because it's not using gender-neutral pronouns.

>C language
>write literally anything
>it's dangerous

He's not a newfag, though. He posts this shit frequently.

Because the result would be a double?

Newfag.

>unlikely
It's all or nothing, mate. An attacker doesn't care if your buffer is 100 characters or 100,000 characters.

Fix:
scanf ("%15s", name);

Holy shit, C really is dumb. I am not going to defend it but I can understand why it is that way. I allocate some 16 characters of space and behave like a retard by putting in 20. Of course the machine is going to say fuck it and just do it.
Anyways, the one who made C is a retard too for even letting things like this happen. If I write 20 characters into name with 16 spaces then it should cut the rest. Fucking hell.

low b8

Memory overrun

Just use Rust

Bounds checking is slow. scanf_s does specifically what you said, but it's slower obviously.

this desu.
deprecated

u are, mr gay

How the fuck is a buffer overflow dangerous?
It's my program, my computer, my memory. What could go wrong?

>N*****r

>If I write 20 characters into name with 16 spaces then it should cut the rest
Without providing information about the size, scanf doesn't know how big "name" is.

Based and redpilled

Bad software can start out with assumptions like yours, and then get used in a different context for a different problem, with someone who isn't aware of the bug. Network traffic gets fed into standard in. Standard in accepts as much traffic as need be. Memory is corrupted, return values are corrupted, return to libc is used to install a RAT, and now your network is gone.

I think you can overwrite executable code, which usually makes your program crash immediately, once said code is executed

Hello Mr. asdfasdf#%*'username=user`%$#--password=hunter2_^^%%[×$'v;,1$(()*,

/thread

So many people in the thread scoffing at the question and not answering it for ignorants like me. Codemonkeys, what is this?

If C is so dangerous, why was Linux written in C?

Linux was originally a toy project made by an Eastern European college student. It only continues using C to this day because porting to a modern language is very difficult and it has a lot of legacy code.

thanks smartass-kun

literally not my job: the language

Retard
It's on the stack, you aren't executing code on the stack
You can overwrite the return address/whatever else is on the stack though

And if there's a function pointer on the stack before your stack cookie, what good does your stack cookie do you?

What if the array is being heap allocated :^)?

Then it would be using malloc, not allocating on the stack

Linux
>no! You can't do that! You will destroy the computer! I won't let you do that.

Windows
>look out with that, dude

Grotesquely underrated

a + b could be zero and you can't divide zero?

imagine falling for this stupid bait thread

Let me guess, you are studying computer science

But could that overwrite executable code?

It's unlikely, the heap isn't executable by default, the text section is where your executable code is stored, and it's marked read/execute so you can't overwrite shit in there unless you change protections for it
And there's guard pages surrounding the heap to make sure you don't write outside of it

buffer overflow if the char array isn't long enough for user input

But why does my program crash to desktop when I write to memory locations I didn't allocate?

This.

It's trying to access memory that isn't mapped; if you overwrite some ptr on the stack with an invalid address, then access that ptr, you're trying to access memory that doesn't have a page table entry for your current context

But why does this make my C# program crash to desktop rather than throwing a nice exception and continuing?

You don't have anything handling the exception

Floating point math.

Wrong, 0/2 = 0

If a+b is uneven (((they))) will just keep 0.5 for themselves

Why didn't the people that make CPUs make writing to unallocated memory regions defined behavior?

They did, it returns an access violation that you can catch and handle

My C# program can't handle it even if I put it inside a try catch

I am learning C and, unless a and/or b are something they shouldn't be (array?), I don't see anything bad

Sorry bud but I don't know c#

>And if there's a function pointer on the stack before your stack cookie, what good does your stack cookie do you?
There isn't any function pointer in the program, read the OP.

Not overflow safe

No shit champ, it was theoretical

Pretty based desu.

Thanks for answering my questions either way

#include <stdio.h>

int main(void)
{
    int a = 2;
    int b = 5;
    float average = (a+b)/2.0; //always divide by float
    printf("%f\n", average);
    return 0;
}
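Added example, not from the thread: the part of `(a+b)/2` that actually bites with int operands is the intermediate sum. The average of two ints always fits in an int, but a + b does not, and signed overflow in C is undefined behaviour rather than a wraparound you can test after the fact. The block below checks for the overflow before adding, and computes the average by widening to long long so the sum itself can never leave range. The function names and the sample pairs are this example's own.

```c
#include <limits.h>
#include <stdio.h>

/* Returns 1 if a + b would leave the int range. Signed overflow is undefined
 * behaviour in C, so the check has to happen before the addition, not after. */
int sum_overflows(int a, int b) {
    return (b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b);
}

/* The posted form, reproduced for comparison: correct for small values,
 * undefined as soon as a + b exceeds INT_MAX or goes below INT_MIN. */
int average_naive(int a, int b) {
    return (a + b) / 2;
}

/* Widen before adding: the sum of two ints always fits in long long, and
 * the average of two ints always fits back in int, so no step can overflow. */
int average_safe(int a, int b) {
    long long sum = (long long)a + (long long)b;
    return (int)(sum / 2);
}

int main(void) {
    /* constructed sample pairs: one ordinary, two at the edges of int */
    int pairs[][2] = { {2, 5}, {INT_MAX, INT_MAX - 2}, {INT_MIN, INT_MAX} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int a = pairs[i][0], b = pairs[i][1];
        if (sum_overflows(a, b))
            printf("%d + %d overflows int; safe average = %d\n",
                   a, b, average_safe(a, b));
        else
            printf("%d + %d fits; naive = %d, safe = %d\n",
                   a, b, average_naive(a, b), average_safe(a, b));
    }
    return 0;
}
```

The same widening trick is not available when the operands are already the widest integer type; there the overflow check (or an unsigned computation of the midpoint) is the only option.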