What's the deadly bug here, Jow Forums?

What's the deadly bug here, Jow Forums?
Bonus points for exploiting it, you should be able to solve this.

#include
#include
#include

typedef struct note{
char name[50];
char path[50];
} note;

note* notes[100];
char numOfNotes = 0;

void addNewNote(){
char path[] = "/tmp/n_XXXXXX";
FILE *fpt = fdopen(mkstemp(path), "w");

notes[numOfNotes] = (note*) malloc(sizeof(note));
memset(notes[numOfNotes], 0 , sizeof(note));
printf("Name: ");
fflush(stdout);

int c;
while ((c = getchar()) != '\n' && c != EOF) { }

fgets(notes[numOfNotes]->name, 50, stdin);
printf("Content: ");
char* content = malloc(100);
fgets(content, 100, stdin);
fputs(content, fpt);
fclose(fpt);
strcpy(notes[numOfNotes]->path, path);
numOfNotes++;
free(content);
}

void printAllNotes(){
for(int i = 0; i < numOfNotes; i++){
printf("note %d.\n", i);
printf("Name: %s\n", ¬es[i]->name);
puts("Contents:");
char *content = malloc(100);
FILE *fp = fopen(notes[i]->path, "r");
while(fgets(content, 100, fp)){
printf("%s", content);
}
fclose(fp);
free(content);
}
}

int main(int argc, char **argv){
int noteNum;
while(1){
printf("1. Add new note\n");
printf("2. Print all notes\n");
printf("3. Delete a note\n");

int selection;
scanf("%d", &selection);
switch(selection){
case 1:
addNewNote();
break;
case 2:
printAllNotes();
break;
case 3:
printf("Note num: ");
fflush(stdout);
scanf("%d", ¬eNum);
if (noteNum < numOfNotes){
printf("Deleting %d\n", noteNum);
free(notes[noteNum]);
}
break;
}

}
return 0;
}

Attached: 1477444712694.png (491x404, 266K)

Your mom lol. Exploit her every night.

>What's the deadly bug here, Jow Forums?
Writing a program in C.

>implying C is not the language of gods
the absolute state of Jow Forums

I'm not reading you shit code faggot.

Where do I even start. No input validation whatsoever. Using scanf period. No default: in the switch block. Use after free. Didn't even read what's happening in the functions, main is a clusterfuck already.

>scanf("%d")

Why are you trying to show off here if you can't even capture user input properly?

Dude, this is some disgusting code. What makes it really disgusting is that you're flexing it here. Are you seriously proud of this?

There isn't a sophisticated bug or exploit here.
YOUR ENTIRE PROGRAM IS THE "DEADLY BUG" OR "EXPLOIT".

It's dogshit. Proof is in the OP.

what's the better option here? I honestly haven't used C in ages

even though that's not the point