Newfags can't figure out why this code is dangerous
Anime girl that holds a sign that says "We have this thread every day".jpeg
it's dangerous because it's C
it's not written in glorious javascript 30MB 150th best framework that's objectively better than its 149 predecessors
C only has one framework (C++) and it's shit
It's not Java
Assuming user's gender...
>babby's first vulnerability
How's that "C Tutorial - part 3" going user?
shit tier rigid code assumes gender
programming language isn't even your problem here fag
not dangerous on my machine
Scanf sounds dangerous.
Don't scan my computer. D:
Oh look it's this thread again
because if i input jessica it says mr jessica?
wow a buffer overflow, amazing
>newfag learns about buffer overflow and thinks he's smart
It's dangerous because
1) Potential buffer overflow
2) It's assuming the user's gender
>1) Potential buffer overflow
Dangerously Bad
>2) It's assuming the user's gender
Dangerously Good
this
>look mom i just finished first week of cs
Oh is that what your intro to cs class did today
Newfag solves a babbys first ctf challenge and brags on Jow Forums
Wow congrats dude
>hurr durr buffer overflow
>am hackorz men
Nobody will want to run this specific software, thus it is not dangerous.
There's no filter built in, so somebody could type in hate speech and have your computer screen say "Hello Mr. N*****r" for example
are you in my information systems class?
I only know python, what is this alien language?
Newnewfag can't understand why that code is dangerous.
Newfag can't understand why that code is practically not really dangerous in modern operating systems
Ok so it's dangerous because of buffer overflow, but how do you fix it?
>scanf ("%s", name);
The scanf function with a %s argument and no modifiers to set a maximum length field is functionally equivalent to the gets() function, and will result in a buffer overflow. You'll want something like %15s
>2018
>using scanf
It's your fault being retarded.
Only way to prevent it is to increase the buffer size of name to something big enough that an overflow would be unlikely.
Name[100000]
Malloc sizeof name
OP is a faggot
Because it's not. On any proper OS it's gonna have its own memory space and will at worst overwrite some zeroes and exit before anything dangerous can happen.
Not doing your homework for you, retard.
>the absolute state of Jow Forums
it won't cause any trouble because all modern compilers will add some stack protection by default
The compiler will write the warning right there you know. Honest question, how do I read arbitrary length strings in C while preserving the ability to re-type the stuff you wrote in the command line (to correct an error in the line for example)?
It's the language Python relies on to be usable in something besides light scripting.
int average=(a+b)/2;
Newfags can't figure out why this code is dangerous
>Mr.
It's dangerous because it's not using gender-neutral pronouns.
>C language
>write literally anything
>it's dangerous
he's not a newfag, though. he posts this shit frequently.
cause the result would be a double?
Newfag.
>unlikely
It's all or nothing, mate. An attacker doesn't care if your buffer is 100 characters or 100,000 characters.
Fix:
scanf ("%15s", name);
Holy shit c really is dumb. I am not going to defend it but I can understand why it is that way. I allocate some 16 characters space and behave like a retard by putting in 20. Of course the machine is going to say fuck it and just do it.
Anyways the one who made c is a retard too for even letting things like this happen. If I write 20 characters into name with 16 spaces then it should cut the rest. Fucking hell.
low b8
Memory overrun
Just use Rust
Bounds checking is slow. scanf_s does specifically what you said, but it's slower obviously.
this desu.
deprecated
u are, mr gay
How the fuck is a buffer overflow dangerous?
It's my program, my computer, my memory. What could go wrong?
>N*****r
>If I write 20 characters into name with 16 spaces then it should cut the rest
Without providing information about the size, scanf doesn't know how big "name" is.
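The "%15s" fix and the point that scanf has to be told the size, as an added example that is not code from the thread. It assumes name is a 16-byte array (the OP's code is not on the page) and uses constructed input; read_name_width and read_line_bounded are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16 /* assumed size of name[]: 15 characters plus the NUL */

/* scanf-family read with a field width. sscanf is used on a constructed
 * string so the demo needs no terminal; "%15s" behaves the same in scanf.
 * Stores at most 15 characters and reports how many input bytes were consumed.
 * Returns the stored length, or -1 if no token was found. */
int read_name_width(const char *input, char name[NAME_CAP], int *consumed)
{
    int n = 0;
    name[0] = '\0';
    if (sscanf(input, "%15s%n", name, &n) != 1)
        return -1;
    *consumed = n;
    return (int)strlen(name);
}

/* fgets-based alternative: the size is passed explicitly, the newline is
 * stripped, and the tail of an over-long line is discarded so it cannot be
 * picked up by the next read. Returns 0 = fit, 1 = truncated, -1 = EOF. */
int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 0;
    }
    int c, truncated = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

int main(void)
{
    char name[NAME_CAP];
    printf("Name: ");
    fflush(stdout);
    int rc = read_line_bounded(stdin, name, sizeof name);
    if (rc < 0)
        return 1;
    printf("Hello Mr. %s%s\n", name, rc ? " (input truncated)" : "");
    return 0;
}
```

With the width alone, the characters past the fifteenth stay in the input stream and are returned by the next read; the fgets variant drops them instead.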
Based and redpilled
Bad software can start out with assumptions like yours, and then get used in a different context for a different problem, with someone who isn't aware of the bug. Network traffic gets fed into standard in. Standard in accepts as much traffic as need be. Memory is corrupted, return values are corrupted, return to libc is used to install a RAT, and now your network is gone.
I think you can overwrite executable code, which usually makes your program crash immediately, once said code is executed
Hello Mr. asdfasdf#%*'username=user`%$#--password=hunter2_^^%%[×$'v;,1$(()*,
/thread
So many people in the thread scoffing at the question and not answering it for ignorants like me. Codemonkeys, what is this?
If C is so dangerous, why was Linux written in C?
Linux was originally a toy project made by an Eastern European college student. It only continues using C to this day because porting to a modern language is very difficult and it has a lot of legacy code.
thanks smartass-kun
literally not my job: the language
Retard
It's on the stack, you aren't executing code on the stack
You can overwrite the return address/whatever else is on the stack though
And if there's a function pointer on the stack before your stack cookie, what good does your stack cookie do you?
What if the array is being heap allocated :^)?
Then it would be using malloc, not allocating on the stack
Linux
>no! You can do that! You will destroy the computer! I won't let you do that.
Windows
>look out with that, dude
Grotesquely underrated
a + b could be zero and you can't divide zero?
imagine falling for this stupid bait thread
Let me guess, you are studying computer science
But could that overwrite executable code?
It's unlikely, the heap isn't executable by default, the text section is where your executable code is stored, and it's marked read/execute so you can't overwrite shit in there unless you change protections for it
And there's guard pages surrounding the heap to make sure you don't write outside of it
buffer overflow if the char array isn't long enough for user input
But why does my program crash to desktop when I write to memory locations I didn't allocate?
This.
It's trying to access memory that isn't mapped, if you override some ptr on the stack with an invalid address, then access that ptr, you're trying to access memory that doesn't have a page table entry for your current context
But why does this make my C# program crash to desktop rather than throwing a nice exception and continuing?
You don't have anything handling the exception
Floating point math.
Wrong 0/2 = 0
If a+b is uneven (((they))) will just keep 0.5 for themselves
Why didn't the people that make CPUs make writing to unallocated memory regions defined behavior?
They did, it returns an access violation that you can catch and handle
My C# program can't handle it even if I put it inside a try catch
I am learning C and, only if a and/or b are something that they shouldn't be (array?), I don't see anything bad
Sorry bud but I don't know c#
>And if there's a function pointer on the stack before your stack cookie, what good does your stack cookie do you?
There isn't any function pointer in the program, read the OP.
Not overflow safe
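The overflow in int average=(a+b)/2 spelled out, as an added example that is not code from the thread: a+b can exceed INT_MAX before the division happens. The function names are hypothetical, and average_wrapped assumes the usual two's-complement conversion that GCC and Clang implement.

```c
#include <limits.h>
#include <stdint.h>

/* Returns 1 if a + b would leave the range of int, which is undefined
 * behaviour for signed integers in C. The check itself never overflows. */
int add_would_overflow(int a, int b)
{
    if (b > 0 && a > INT_MAX - b)
        return 1;
    if (b < 0 && a < INT_MIN - b)
        return 1;
    return 0;
}

/* What (a+b)/2 typically yields when the sum wraps, computed through
 * unsigned arithmetic so the demo does not itself invoke undefined
 * behaviour. The unsigned-to-int conversion is implementation-defined;
 * the wraparound result assumed here is what GCC and Clang produce. */
int average_wrapped(int a, int b)
{
    return (int)((unsigned)a + (unsigned)b) / 2;
}

/* Overflow-safe average: the sum is formed in 64 bits, where two int
 * values always fit, and truncates toward zero exactly like (a+b)/2. */
int average_wide(int a, int b)
{
    return (int)(((int64_t)a + (int64_t)b) / 2);
}
```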
No shit champ, it was theoretical
Pretty based desu.
Thanks for answering my questions either way
#include <stdio.h>
int main()
{
    int a = 2;
    int b = 5;
    float average = (a+b)/2.0; //always divide by float
    printf("%f", average);
}