LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 07-08-2004, 04:39 AM   #1
pippet
Member
 
Registered: May 2004
Posts: 67

Rep: Reputation: 15
char array of size 10 can read morethan 10 chars!!!!!


I have this program
main()
{
char nn[10];
printf("\n Enter name: ");
scanf("%s",nn);
printf("\n%s\n",nn);
}

i compiled it with cc
when i had run it,

$./a.out

Enter name: asdfghjklpoiuyt

asdfghjklpoiuyt

it displayed morethan 10 chars... how is it possible?
 
Old 07-08-2004, 05:44 AM   #2
datprogrammer
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Rep: Reputation: 0
That, my friend, is what is known as a "buffer overflow" and is a fine example of how NOT to code. ALWAYS check the length of your data before storing it. In this case, I would replace sscanf() with fgets(nn,9,stdin) which restricts the amount of input to what nn can hold (9 characters pluss terminting null). If you wish to capture other types of data, such as ints etc, use a combination of fgets and either atoi() or sscanf() to parse the data.

The C language itself does not do any bounds checking, and this is why C programs are so vunerable to buffer exploit attacks.

What happens when the compiler sees "char nn[10];" is that 10 bytes of memory are "reserved" to store values in but there is nothing to stop you writing as many characters as you like - your extra data just goes into the memory at the end of the 10 bytes reserved for nn, overwrting anything that was there (other variables, the stack frame, code or whatever happens to be there).

Usually this results in a core dump. You got away with in this case.

Very Very Clever and bad people can overflow a buffer in such a way that the extra data is executable code that can do pretty much anything the hacker wants. These are known as "bufer exploits" and are the subject of many many security advisaries.
 
Old 07-08-2004, 05:53 AM   #3
pippet
Member
 
Registered: May 2004
Posts: 67

Original Poster
Rep: Reputation: 15
thanks a lot !
I blindly believed that compiler checks the size of the array.
Oh! That's why fgets is adviced by the gurus.
Shall i ask u another question?
 
Old 07-08-2004, 06:10 AM   #4
datprogrammer
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Rep: Reputation: 0
The COMPILER cannot do any bounds checking - it can't know at compile time that you are going to type in a very long string.

In C, arrays are really just pointers with reserved storage so for example

char nn[10]; and

char * nn; nn=malloc(10);

Are to all intents and purposes, the same thing (there are diffrences, such as the malloc'd version reserves storage from the "heap" wheras char char[] version reserves storage on the stack if it's an auto variable)

so really, the array notation is just a shorthand for defining pointers, and in C pointers are quite dumb. A pointer is little more than just a memory address. Everytime you store things at a pointer location it is your responsibilty to ensure that The address you are writing to does not belong to anything else and that there is sufficient "reserved" space that you're not going to blow anything else up. The compiler or runtime system cannot help you with that!

Pointers are the main source of difficulty with C programs, even old hands can very easily screw things up if they are not careful!
 
Old 07-09-2004, 05:11 AM   #5
pippet
Member
 
Registered: May 2004
Posts: 67

Original Poster
Rep: Reputation: 15
Thanks for the information.
 
Old 07-09-2004, 04:12 PM   #6
aluser
Member
 
Registered: Mar 2004
Location: Massachusetts
Distribution: Debian
Posts: 557

Rep: Reputation: 42
Quote:
so really, the array notation is just a shorthand for defining pointers
This isn't strictly true in that
Code:
char foo[10];
never allocates a word on the stack to hold an address. Thus you can't assign to foo like you would a pointer; this is illegal:
Code:
char foo[10];
char bar[4];
char *baz;
baz = bar; /* This is ok, compiler fakes bar being a pointer because it knows bar's address. */
foo = baz; /* This part is not cool!  foo is not a pointer and can't hold a new address */
If you call a function with foo as an argument, the compiler does take foo's address and pass it to the function as a char*, so in that case foo does pretend to be a pointer, though it isn't really.

It should also be mentioned many many times that what you malloc() you need to free()
 
Old 07-10-2004, 03:59 AM   #7
datprogrammer
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Rep: Reputation: 0
"This isn't strictly true in that..."


.. Which is why I said "Are to all intents and purposes, the same thing (there are diffrences...."

I used to interview candidates for trainee programmers and this was one of my tech questions....

I just didnt want to get into an in-depth tech discussion of the subtleties.
 
Old 07-10-2004, 10:44 AM   #8
sandgroper
Member
 
Registered: Jul 2004
Location: Perth , Western Australia
Distribution: Fedora Core 5 , Mint 9
Posts: 118

Rep: Reputation: 15
To put it simply , C starts it's counting from 0 ...... 9 , so if you declare an array of 10 chars , then you are actually declaring an array of 0 .... 10 which is 11 chars.
 
Old 07-10-2004, 11:17 AM   #9
datprogrammer
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Rep: Reputation: 0
>>>>>you are actually declaring an array of 0 .... 10 which is 11 chars.

BZZZZZZZZT!!!!!


WRONG, WRONG and WRONG

GO STRAIGHT TO JAIL, DO NOT PASS GO, DO NOT COLLECT $200.00


char nn[10] declares an array of TEN characters, indexed from 0 to 9
 
Old 07-11-2004, 07:52 PM   #10
p-static
Member
 
Registered: Jul 2004
Distribution: Gentoo
Posts: 101

Rep: Reputation: 15
I don't know much C, but I remember that strings are terminated in a \0, so would you only get 9 chars?
 
Old 07-11-2004, 08:19 PM   #11
aluser
Member
 
Registered: Mar 2004
Location: Massachusetts
Distribution: Debian
Posts: 557

Rep: Reputation: 42
yes, that's correct. 10 bytes or 9 characters plus a NUL
 
Old 07-11-2004, 11:11 PM   #12
arvind_sv
Member
 
Registered: Oct 2002
Location: Bangalore
Distribution: Gentoo Linux
Posts: 96

Rep: Reputation: 15
I find it really funny when people make statements such as:

Quote:
... in C pointers are quite dumb.

Pointers are the main source of difficulty with C programs, even old hands can very easily screw things up if they are not careful!
Er, have you ever written a (non-hello-world) C program that doesn't use pointers. The power of C lies in understanding pointers and the flexibility they afford. Of course, as with anything, if you don't know how to handle them, you can easily "screw up", as datprogrammer so eloquently put it. That DOES NOT make it a "difficulty".

Something that a good programmer can weild effectively, but the apprentice finds hard to use is not a "difficulty". It's a tool which needs a lot of getting used to. Experiencing the magic of pointers is what C is all about.

This is the Programming Forum. I'm amazed people just let such statements go by.

Arvind
 
Old 07-12-2004, 01:40 AM   #13
datprogrammer
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Rep: Reputation: 0
Good comments Arvind, perhaps I should have added "a source of difficulty for novices"

Although in my 20+ years of programming, the vast majority of those " why won't this bloody program work, I've been staring at the code fo r 2 hours and it still won't work" sessions have been problems with pointers - of course it's always my dumb coding, and when I see the problem, its always something stupid and I beat myself up severly for being so dumb!

On the other hand, I've seen some crazy code from allegedly experienced programmers in my team... one example, and yes this is real code in a production system..

char x[10];

.....
x[0]=0;
x[1]=0;
x[2]=0;

etc...
 
Old 07-12-2004, 01:44 AM   #14
datprogrammer
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Rep: Reputation: 0
aluser,

"9 characters plus a NULL"

thats assuming you're going to store a string in the character array, there's nothing to say that you have to

It could be a file buffer that you're using to process binary data from a datafile, 10 bytes at a time.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
C# convert char array to string exodist Programming 3 09-16-2008 08:06 AM
problem in copying array to char * monil Programming 15 03-13-2005 04:22 PM
array of char pointers djgerbavore Programming 2 01-08-2005 01:59 PM
search in char array xxfunkxx Programming 2 12-12-2004 11:23 PM
Char array to int without losing value ? Dimitris Programming 3 01-14-2004 12:08 PM


All times are GMT -5. The time now is 08:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration