Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
08-20-2003, 06:53 AM
|
#1
|
LQ Newbie
Registered: Jun 2003
Location: By the sea
Distribution: LFS/BLFS
Posts: 24
Rep:
|
*very* basic c question
Hi,
I'm just starting to learn C from scratch, and have bought the classic Kernigan and Ritchie book to work through. However, as soon as I get to example code that starts using EOF, I'm running into problems.
I have stdio.h included in my program, and am trying to use the getchar function as follows:
main()
{
int c;
c = getchar();
while (c != EOF) {
putchar(c);
c = getchar();
}
}
EOF is defined as -1 as I believe it should be, but I don't know how to trigger EOF to end the program!
I first assumed when looking at the example that just not typing anything would result in the stdin stream becoming empty, but then realised that I'd have to type very fast indeed for the buffer not to become empty
How does this work? How should I indicate to the program that I've finished inputting characters?
Many thanks for your help,
Mark
|
|
|
08-20-2003, 06:56 AM
|
#2
|
Senior Member
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263
Rep:
|
eof is ctrl-d in unix, ctrl-z in dos/win
|
|
|
08-21-2003, 05:18 AM
|
#3
|
Member
Registered: Aug 2003
Location: Chennai, India
Distribution: PCLinuxOS .92, FC4
Posts: 840
Rep:
|
You should check for EOF only when working with files, while for normal console based operations, it is generally not required. You can just use scanf in C for this purpose.
|
|
|
08-21-2003, 05:24 AM
|
#4
|
Member
Registered: Jun 2003
Posts: 481
Rep:
|
^^
don't be telling people to use scanf(), its use should be punishable by enforced COBOL debugging sessions.
|
|
|
08-21-2003, 05:38 AM
|
#5
|
Senior Member
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263
Rep:
|
with things like redirection and pipes how do you know whether stdin is a file or not? also as nowonmai says the only scanf based function you should ever call is sscanf or vsscanf, after youve got the input safely saved in a buffer.
|
|
|
08-21-2003, 06:06 AM
|
#6
|
LQ Newbie
Registered: Jun 2003
Location: By the sea
Distribution: LFS/BLFS
Posts: 24
Original Poster
Rep:
|
C question
Thanks very much for the Ctrl+D tip, that got my program doing what I wanted it to. But why is scanf so frowned upon?
|
|
|
08-21-2003, 06:17 AM
|
#7
|
Senior Member
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263
Rep:
|
there are quite a few problems with it but the main one is bounds checking, look at the following example
Code:
char x[20];
scanf("%s", x);
now what happens when i type 25 or 30 characters? try and see
what you should get at best is a segfault(actually a buffer overflow) but people who know what they are doing can manipulate this to give them various privilages
ive just stolen this link from another post but this explains in detail what a buffer overflow is: http://destroy.net/machines/security/P49-14-Aleph-One
|
|
|
08-21-2003, 07:12 AM
|
#8
|
LQ Newbie
Registered: Jun 2003
Location: By the sea
Distribution: LFS/BLFS
Posts: 24
Original Poster
Rep:
|
Buffer Overflows
I'm amazed!
As you've probably been able to tell, I'm very much at the beginning of my C education, but does this mean that most of the C code I'm going to write according to text books is potentially insecure? Are there secure alternatives to the standard I/O functions provided by stdio.h?
Sorry for taking up so much of your time, I'd just like to learn to do things the *right* way rather than have to relearn everything later.
|
|
|
08-21-2003, 08:06 AM
|
#9
|
Senior Member
Registered: Apr 2003
Location: Lancaster, England
Distribution: Debian Etch, OS X 10.4
Posts: 1,263
Rep:
|
nothing is 100% secure, so there is no 'right' way to do things but some things are more secure than others, fgets is a lot better than scanf for example.
i personally think the best for you would just be to follow the book until you get a good understanding of the language. once you have a good understanding then you can start playing about with making things more secure.
the best way to learn how to write secure code, imo is to write normal code and try to break it, then improve it so you cant break it that way, then try and break it another way. by doing this repeatedly you'll have a much greater understanding of how to write secure code than just knowing not to use scanf.
|
|
|
08-21-2003, 08:29 AM
|
#10
|
LQ Newbie
Registered: Jun 2003
Location: By the sea
Distribution: LFS/BLFS
Posts: 24
Original Poster
Rep:
|
Thanks kev, your time's appreciated.
|
|
|
All times are GMT -5. The time now is 10:44 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|