LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 08-20-2003, 06:53 AM   #1
usernamed
LQ Newbie
 
Registered: Jun 2003
Location: By the sea
Distribution: LFS/BLFS
Posts: 24

Rep: Reputation: 15
*very* basic c question


Hi,

I'm just starting to learn C from scratch, and have bought the classic Kernigan and Ritchie book to work through. However, as soon as I get to example code that starts using EOF, I'm running into problems.

I have stdio.h included in my program, and am trying to use the getchar function as follows:

main()
{
int c;

c = getchar();
while (c != EOF) {
putchar(c);
c = getchar();
}
}

EOF is defined as -1 as I believe it should be, but I don't know how to trigger EOF to end the program!

I first assumed when looking at the example that just not typing anything would result in the stdin stream becoming empty, but then realised that I'd have to type very fast indeed for the buffer not to become empty

How does this work? How should I indicate to the program that I've finished inputting characters?

Many thanks for your help,

Mark
 
Old 08-20-2003, 06:56 AM   #2
kev82
Senior Member
 
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263

Rep: Reputation: 50
eof is ctrl-d in unix, ctrl-z in dos/win
 
Old 08-21-2003, 05:18 AM   #3
UltimaGuy
Member
 
Registered: Aug 2003
Location: Chennai, India
Distribution: PCLinuxOS .92, FC4
Posts: 840

Rep: Reputation: 30
You should check for EOF only when working with files, while for normal console based operations, it is generally not required. You can just use scanf in C for this purpose.
 
Old 08-21-2003, 05:24 AM   #4
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
^^

don't be telling people to use scanf(), its use should be punishable by enforced COBOL debugging sessions.
 
Old 08-21-2003, 05:38 AM   #5
kev82
Senior Member
 
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263

Rep: Reputation: 50
with things like redirection and pipes how do you know whether stdin is a file or not? also as nowonmai says the only scanf based function you should ever call is sscanf or vsscanf, after youve got the input safely saved in a buffer.
 
Old 08-21-2003, 06:06 AM   #6
usernamed
LQ Newbie
 
Registered: Jun 2003
Location: By the sea
Distribution: LFS/BLFS
Posts: 24

Original Poster
Rep: Reputation: 15
C question

Thanks very much for the Ctrl+D tip, that got my program doing what I wanted it to. But why is scanf so frowned upon?
 
Old 08-21-2003, 06:17 AM   #7
kev82
Senior Member
 
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263

Rep: Reputation: 50
there are quite a few problems with it but the main one is bounds checking, look at the following example
Code:
char x[20];
scanf("%s", x);
now what happens when i type 25 or 30 characters? try and see

what you should get at best is a segfault(actually a buffer overflow) but people who know what they are doing can manipulate this to give them various privilages
ive just stolen this link from another post but this explains in detail what a buffer overflow is: http://destroy.net/machines/security/P49-14-Aleph-One
 
Old 08-21-2003, 07:12 AM   #8
usernamed
LQ Newbie
 
Registered: Jun 2003
Location: By the sea
Distribution: LFS/BLFS
Posts: 24

Original Poster
Rep: Reputation: 15
Buffer Overflows

I'm amazed!

As you've probably been able to tell, I'm very much at the beginning of my C education, but does this mean that most of the C code I'm going to write according to text books is potentially insecure? Are there secure alternatives to the standard I/O functions provided by stdio.h?

Sorry for taking up so much of your time, I'd just like to learn to do things the *right* way rather than have to relearn everything later.
 
Old 08-21-2003, 08:06 AM   #9
kev82
Senior Member
 
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263

Rep: Reputation: 50
nothing is 100% secure, so there is no 'right' way to do things but some things are more secure than others, fgets is a lot better than scanf for example.

i personally think the best for you would just be to follow the book until you get a good understanding of the language. once you have a good understanding then you can start playing about with making things more secure.

the best way to learn how to write secure code, imo is to write normal code and try to break it, then improve it so you cant break it that way, then try and break it another way. by doing this repeatedly you'll have a much greater understanding of how to write secure code than just knowing not to use scanf.
 
Old 08-21-2003, 08:29 AM   #10
usernamed
LQ Newbie
 
Registered: Jun 2003
Location: By the sea
Distribution: LFS/BLFS
Posts: 24

Original Poster
Rep: Reputation: 15
Thanks kev, your time's appreciated.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Basic Question insyte Linux - Wireless Networking 4 09-16-2004 11:57 AM
Basic C++ question ooagentbender Programming 10 12-10-2003 09:34 PM
Very basic question rajanr Linux - Newbie 2 07-23-2003 03:13 AM
A really basic question pilotgi Linux - Newbie 10 10-14-2002 04:57 PM
basic question kurgan70 Linux - General 2 12-06-2001 03:42 PM


All times are GMT -5. The time now is 01:36 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration