what is the name of the attack??

micflunu · 11-03-2016, 06:00 AM

int a[10];

extern int *a;

what is the problem in using this??What is the attack that is generated out of these??

pan64 · 11-03-2016, 06:04 AM

insufficient information, two lines of code cannot be attacked. Probably only by an eraser.

micflunu · 11-03-2016, 06:19 AM

NO it is an assignment i just am supposed to name the uncontrolled or un expected result that could come out of using pointers the same as arrays??

BW-userx · 11-03-2016, 09:25 AM

why don't you fire up a text editior type out that code

Code:

int main (){

int a[10];
extern int *a;

for i=0;i<11;i++;
cout>>a[i];

cout>>&a
}

or how ever it would go, then see what your results are.

jpollard · 11-03-2016, 09:00 PM

Quote:

Originally Posted by micflunu

int a[10];

extern int *a;

what is the problem in using this??What is the attack that is generated out of these??

As others have said, there isn't quite enough information. One thing missing is the language used... The example code given in a previous response should be invalid for C++, and IS invalid for C.

But what is likely is that the first declaration is in one module/file, and the second declaration is in a different module/file/function...

What is lost is the size of the array. For the first declaration you can get that information from the compiler using a "sizeof(a)", and it will give the number of bytes in an int (4) multiplied by the number of elements in the array (10), for size of 40 bytes.

In the second declaration "sizeof(a)" will give the size of a pointer... On 32 bit machines that will be 4, on a 64 bit machine that will be 8.

Not the same thing at all.

The problems this usually causes is an out of bounds error IF the module/function is not informed at runtime how large the array is.

sundialsvcs · 11-03-2016, 09:40 PM

Clearly, it is inappropriate to use the label, "attack." In this case, the proper label is simply, "bug!"

Quote:

It is an assignment. I just am supposed to name the uncontrolled or unexpected result that could come out of using pointers the same as arrays.

The two declarations, first of all, "are fundamentally different." (Hence, they would not and in fact cannot(!) be used together.) So, the locus of the question-at-hand really is: "what bugs might occur if the second declaration were used by the programmer, versus the first?"

Remember that the "C" language is purposely designed(!) "to be permissive." It always assumes that you know what you are doing. Therefore, it purposely allows "array-dereference" syntax to be applied to "pointers," and so-on.

This question is therefore challenging you, first and foremost, to understand(!) the difference between the two declarations, and then to comment on the "gotchas" that might arise from the simple fact that, "in C, the syntax might be the same."

So, now, "as the writer of the assignment intended for you to do," contemplate what I have just said.

(Because, if someday in some future job you are "hip-waders deep in 253,000 lines of mission-critical C-code that was first written 35 years ago ..." [and this most-certainly can happen] "... you will thank me.") (No, it is not too late to change majors ...)

---
"Who, me?" A sometimes community-college instructor? "Who, me?"

BW-userx · 11-04-2016, 06:01 AM

Quote:

Originally Posted by sundialsvcs

(No, it is not too late to change majors ...)

---
"Who, me?" A sometimes community-college instructor? "Who, me?"

chuckle chuckle

Maybe changes to java script thinking it is a (easier) programming lang. (bad joke)