ansaurus

Question

Microsoft interview Question: Find the errors in this function

Answer 1

+45 A:

I can see a few:

Length of input string not checked.

What if the strlen(s) > 1023? You can fit a string of length at most 1023 in buffer.

Overwriting the last char with \n

You are overwriting last char with newline. Your \n should go where \0 used to be and you need to add a new \0 after \n

Variable buffer is local to function and you are returning its address.

Memory for buffer is allocated on stack and once the function returns, that memory is freed.

I would do:

char* AddnewlinetoString(char *s) {

  size_t buffLen = strlen(s) + 2; // +1 for '\n' +1 for '\0'
  char *buffer = malloc(buffLen); 
  if(!buffer) {
   fprintf(stderr,"Error allocting\n");
   exit(1);
  }
  strcpy(buffer,s);
  buffer[buffLen-2] = '\n';
  buffer[buffLen-1] = 0;
  return buffer;
}

codaddict 2010-09-21 09:11:10

Funnily enough, the `\0` is probably still there (if the first error doesn't trip it). Look again, is the `\0` overwritten?

Muhammad Alkarouri 2010-09-21 09:17:19

2. `strlen` doesn't include the terminator in the length. So at most, the code just replaces the last char of the string with a newline, but the nul will remain if it already was there.

cHao 2010-09-21 09:18:31

@Muhammad,@cHao: Thanks for pointing.

codaddict 2010-09-21 09:23:35

I'd use size_t to hold return value from strlen()...

Nyan 2010-09-21 10:58:05

"Memory for buffer is allocated on stack and once the function returns, that memory is freed." It's a long, long time since I did any c++ but I thought that as long as the memory was referenced by a pointer (and not explicitly deallocated) it would remain allocated ( or is that me getting java in my c++)

TygerKrash 2010-09-21 11:07:39

@TygerKrash: The stack holds values local to the current function. Once the function returns, your pointer is pointing to garbage, i.e. you don't know what's there (e.g. the next function's local variables can overwrite the region your pointer points to).

3lectrologos 2010-09-21 11:32:54

@Nyan: Thanks for pointing. Changed `int` to `size_t`

codaddict 2010-09-21 11:56:16

+1 - I would rephrase to say "once the function returns, the memory is out of scope" - allocated and freed are loaded terms in the context of malloc etc. Distinguish more clearly between heap and stack memory usage.

Steve Townsend 2010-09-21 13:23:49

This will leak memory if used like: `str = AddNewlineToString(str);`

sje397 2010-09-21 14:08:06

@sje397: That's not a problem with the function, provided it is properly documented that the caller owns the returned buffer, and is responsible for freeing it appropriately. The only alternative is to work with a global buffer, which has much more severe issues. *edit: Given that you're stuck with a C-like interface, of course.

Dennis Zickefoose 2010-09-21 16:54:09

@Dennis Zickefoose: lack of docs (or comments) could be considered a problem. Another alternative would be to free the input pointer (yeah, not good). Anyway my point is that it was doomed from the moment the signature was written ;)

sje397 2010-09-21 17:26:30

haha why does this have upvotes?

Jonathan 2010-09-21 20:53:19

'Twould not be a bad idea to make the function argument const.

Jonathan Leffler 2010-09-21 21:08:21

This crashes if you pass null as the argument.

Tony Lambert 2010-09-22 10:44:05

Noone has mentioned yet that the original function fails if you pass it an empty string (it accesses s-1 in that case)

nos 2010-09-26 15:46:54

@Tony: nothing wrong with that. It will also crash (or worse) if you pass `(char*)rand()` or any other invalid pointer. Why should NULL be treated specially?

R.. 2010-09-28 04:38:52

Answer 2

+9 A:

there's no limit in strcpy, better use strncpy.
you are copying to static buffer and returning pointer.

Tomasz Kowalczyk 2010-09-21 09:11:22

Surely that's not a static buffer?

unwind 2010-09-21 09:12:32

3. Buffer overflow

Filip Ekberg 2010-09-21 09:13:46

Instead of `strncpy` one should make sure the buffer is of suitable size. Exactly what good is it doing if you get the input truncated, rather than having newline appended? This should take care of both issues.

visitor 2010-09-21 09:16:24

If available, strlcpy would be better.

Matteo Italia 2010-09-21 09:22:56

Answer 3

+4 A:

3 things

   int len = strlen(s);
   char* buffer = (char*) malloc (len + 2);   // 1
   strcpy(buffer,s);
   buffer[len] = '\n';           // 2 
   buffer[len+1] = '\0';         // 3
   return buffer;

Edit: Based on comments

aeh 2010-09-21 09:21:42

Calling `strlen()` three times instead of using a temporary might lead to disappointing results.

sharptooth 2010-09-21 09:23:47

@sharptooth: Have updated!!

aeh 2010-09-21 09:29:00

@aeh: strlen doesn't count the terminating '\0', so actually it replaces the last char before the '\0' and fails for empty strings that contain only the termination.

Secure 2010-09-21 10:31:09

@aeh: your answer contains a bug. You simply return a new string with the last character of s replaced by `\n`. len is one character too small.

JeremyP 2010-09-21 10:39:26

You don't check for `s` being `NULL` and for `malloc()` to fail.

Georg Fritzsche 2010-09-23 23:28:14

they would also like `char* AddnewlinetoString(const char *s)`

ruslik 2010-09-24 23:45:36

@Georg: there is no legitimate reason to check for `s` being NULL. Would you also like to check it against the billions of other invalid pointer values?

R.. 2010-09-28 04:40:04

@R..: Right, that should be covered by documentation and possibly an assert.

Georg Fritzsche 2010-10-08 07:18:12

Answer 4

+7 A:

Here is a C++ version without errors:

std::string AddnewlinetoString(std::string const& s)
{
    return s + "\n";
}

And here is how I would probably write that in C++0x:

std::string AddnewlinetoString(std::string s)
{
    return std::move(s += "\n");
}

FredOverflow 2010-09-21 09:22:41

Doesn't answer the question though :)

Filip Ekberg 2010-09-21 09:23:57

True, but... I don't think the point of these exercises is to come up with a better version *per se*, but to understand the intricacies of the errors. Consider it a test of debugging your mediocre colleagues' work, rather than a test of writing new code yourself.

Andrzej Doyle 2010-09-21 09:25:47

The question is tagged C++, that would imply this is a potential correct answer!

AshleysBrain 2010-09-21 12:18:01

@Fred - Better to pass by ref to const. What comments would you make about exception handling? This is an interview q remember - not making errors is only half the battle. I agree w Filip that you would also have to answer the question as stated, in an interview situation. Perhaps this is for C work.

Steve Townsend 2010-09-21 13:17:32

@Steve: I added your suggested reference to const version, but I still like the [pass by value](http://cpp-next.com/archive/2009/08/want-speed-pass-by-value/) version better, especially with the `std::move` edited in :)

FredOverflow 2010-09-21 14:14:49

Shouldn't the C++0x version return an rvalue reference? What's the point of using `move` if you return by value? [I admit, I'm an rvalue references noob, so maybe I'm wrong]

James McNellis 2010-09-21 15:17:46

@James: No, returning rvalue references is almost always wrong, because it can lead to a subtle problem with dangling rvalue references at client side. In this case, there is another obvious problem: `s` is destroyed when the function returns, so it would be a very bad idea to return an rvalue reference to it. The job of `std::move` is to *enable* moving by treating the argument as an rvalue, thus allowing the move constructor do have its way with `s` when leaving the function. Without the `std::move`, the copy constructor would initialize the return value, because `s += "\n"` is an lvalue.

FredOverflow 2010-09-21 15:54:22

@Fred: That's what I thought (concerning making the return type an rvalue reference). Now I understand why you move the string to return it, though. Thanks.

James McNellis 2010-09-21 17:46:26

GMan 2010-09-22 18:08:30

So in conclusion, I think the best way would be, for both C++03 and C++0x, `std::string AddnewlinetoString(std::string s){ s += '\n'; return s; }` Considering the parameter: in C++03, when working with an lvalue you'd make a copy anyway, so nothing is lost. And a compiler will elision the copy of an rvalue. In C++0x, you again make the needed copy, but are guaranteed to move-construct the parameter when it's given an rvalue. So nothing lost there. And then you do your manipulation, then return the copy. In C++03, you get NRVO and in C++0x, you get an implicit move return. (Again, I think.)

GMan 2010-09-22 18:11:40

@GMan: I had an email discussion with Doug Gregor on that matter, and he said that returning variables defined inside the function body are implicitly moved, but function arguments must be explicitly moved, because the function has no control over how they are created or some technical reason similar to that.

FredOverflow 2010-09-22 23:13:12

@Fred: Ah, ok. Good to know. :)

GMan 2010-09-23 00:34:32

Oh, and +1 then since I agree with your C++ variations, with that knowledge.

GMan 2010-09-23 03:53:05

Answer 5

+3 A:

Here is a corrected version (community wiki incase I missed anything)

// caller must free() returned buffer string!
char* AddnewlinetoString(char *s)
{
  size_t len;
  char * buffer;

  if (s == NULL)
    s = "";

  len = strlen(s);
  buffer = malloc(len+2);
  if (buffer == NULL)
    abort();
  strcpy(buffer,s);
  buffer[len] = '\n';
  buffer[len+1] = 0;
  return buffer;
}

As tony mentions, s may be a valid address but still be a malformed c-string, with no null bytes. The function could end up reading until it causes a segfault, or some other horrible thing. While this is still idiomatic C, most folks prefer counted strings (rather than null terminated ones.)

// caller must free() returned buffer string!
char* AddnewlinetoStringN(char *s, size_t len)
{
  char * buffer;

  if (s == NULL)
    s = "";

  buffer = malloc(len+1); // only add 1 byte, since there's no need for the nul
  if (buffer == NULL)
    abort();
  strncpy(buffer,s,len);
  buffer[len] = '\n';
  return buffer;
}

TokenMacGuy 2010-09-21 09:23:42

You're one character short on your malloc I think - you need space for the \n and the terminating NULL, so len+2.

JosephH 2010-09-21 09:26:49

I think you're right too, fixed now... (my C is a bit rusty)

TokenMacGuy 2010-09-21 09:32:13

i'd personally check for s being null as the first thing I did. This is a common problem with string args and if you dont check for it, it will assert.

Tony Lambert 2010-09-21 13:03:42

@Tony: Not a bad call, how do you like this version?

TokenMacGuy 2010-09-21 21:55:14

there is just one more little hole.... if you pass in a string without a terminating zero, but to nail that down you would need to assume maximum lengths for strings.

Tony Lambert 2010-09-22 10:18:53

Is this the level of question you need to pass to work for Microsoft these days? To work for Google they ask you how to move a mountain.

Tony Lambert 2010-09-22 10:20:07

* This seems to be the best answer by far yet has one of the lowest scores!

Tony Lambert 2010-09-22 10:22:59

Answer 6

+6 A:

I would also add that the name of the method should stick to pattern and each word should start with capital letter:

char* AddNewlineToString(char *s)
{
}

ps. Thanks Konrad, I have changed the method name as you have suggested

marmich 2010-09-21 09:45:34

But “newline” (as in “newline character”, not “new line of text”) is **one** word. The name should be `AddNewlineToString`.

Konrad Rudolph 2010-09-21 09:51:57

Answer 7

A:

In C++ it should be

std::string AddNewlineToString(const std::string& s) // pass by const reference
{
    return s + '\n'; // and let optimizer optimize memory allocations
}

Abyx 2010-09-21 12:47:38

Answer 8

A:

For c-style string it may be

char* // we want return a mutable string? OK
AddNewlineToString(
  const char* s // we don't need to change original string, so it's const
)
{
     const size_t MAX_SIZE = 1024; // if it's mutable string, 
                                   // it should have known capacity

     size_t len = strlen(s);            
     if(len + sizeof("\n") // to avoid the magic number "2"
         > MAX_SIZE)
         return NULL; // we don't know what to do with this situation,
                      // user will check result and make a decision -
                      // to log, raise exception, exit(), etc

     // static                    // we want thread-safe result
     char* buf = new char[1024];  // so we allocate memory in heap
         // and it's C-language-string but not C language :)

     memcpy(buf, s, len); // copy terminating zero, and rewrite it later? NO.
     memcpy(buf + len, "\n", sizeof("\n")); // compiler will do it in one action like
        // *(int16_t*)(buf + len) = *(int16_t*)"\n";
        // rather then two assigns

     return buf;
}

Abyx 2010-09-21 13:18:13

Your use of `sizeof("\n")` was initially unclear; I'm not sure avoiding a "magic number" is worth it in this case.

Dennis Zickefoose 2010-09-21 16:43:38

What's the point of using `new` but not `std::string`?

GMan 2010-09-22 18:16:59

@Gman: for example if we want provide a C-compatible interface. With heap allocated memory, we should provide only one function to delete any heap-allocated memory, but for allocated-by-string memory we can't easily do it.

Abyx 2010-09-22 18:50:00

@Abyx: Pretty strange to justify something with "It might be used in C." I wouldn't assume that in any of my code, and such an assumption is certainly outside the scope of the question.

GMan 2010-09-22 19:08:32

@GMan: not "in C" but "C-compatible". It means "in C#, F#, Python (ctypes), Haskell and lots of other languages". You can't export function with std::string result from DLL, and use this function in module written in another language (or module compiled by another C++ compiler too). It's Microsoft's question, it's about Windows, not cross-platform programming with gcc only.

Abyx 2010-09-22 19:38:44

@Abyx: Fair, but I reiterate my point: In C++, write C++. If you happen to need to interface with another language *then* change the code to do so. I think justifying your answers poor resource management with "It could be used by another language" is poor, since nothing says anything about such a requirement.

GMan 2010-09-22 22:35:06

Answer 9

A:

I would leave the Job Interview ....

2010-09-21 16:02:22

Whether you like it or not, legacy code exists. This doesn't seem like an inappropriate way to verify a candidate is capable of working with such code. I've certainly seen worse examples.

Dennis Zickefoose 2010-09-21 16:25:32

Exactly why would you leave the interview? This seems like exactly the kind of thing that should be in an interview, rather than all those stupid "how many gas stations does a city need" puzzle questions.

Kristopher Johnson 2010-09-23 23:13:34

First off all the job interview was at Microsoft, but that's just me bashing on Microsoft. The real problem I have with this question is that the company apparently thinks the degree and the experience I got seems worthless to them. A correct way to handle a candidate is to ask for any code references. Its 2010 and most of us have some source code on the internet (oh wait .. I forgot MS hates open source). To check whether the candidate can program you should check that source first before starting questions about some niggy-naggy small meaningless code-pieces during the interview.

2010-10-06 09:53:49

Being able to think is quite important in programming jobs. If you have some code snippets out there or even if you contributed to open source, if you can't think well, it may hurt the code base. There is usually no need to get the solution 100% correct the first time, because not always do you get 100% correct code the first time esp if you write it in C. The interviewers probably want to see your thinking process.

動靜能量 2010-10-16 13:33:29

Answer 10

+1 A:

No need for return pointer. Change the incoming pointer.

int len = strlen(s); s[len] = '\n'; s[len + 1] = '\0';

Manoj R 2010-09-23 11:44:09

It will not work, first assignment replaces terminating zero, and second strlen will return invalid result. You should swap them.

Abyx 2010-09-23 11:50:17

Nice. Edited now.

Manoj R 2010-09-23 12:45:42

That need not work always. What if the input is a `string literal` or a char array which has `len-1` char already stuffed in so that when you access index `len+1` you are stepping past the allocated memory.

codaddict 2010-09-23 12:52:31

Answer 11

+2 A:

The main problem with this code is that it's vulnerable to a stack buffer overflow exploit. It's a classic example.

Basically, the input char* can be made longer than 1024 bytes; these extra bytes will then overwrite the stack, allowing an attacker to modify the function return pointer to point to their malicious code. Your program will then unwittingly execute the malicious code.

Microsoft might be expected to care a good deal about these kinds of exploits, since the Code Red Worm famously used a stack buffer overflow to attack hundreds of thousands of computers running IIS web server software in 2001.

Miguel Vieira 2010-09-23 23:03:53

Answer 12

A:

Can be made very simple using strdup:

char* AddnewlinetoString(char *s) { char *buffer = strdup(s); buffer[strlen(s)-1] = '\n'; return buffer; }

2010-09-26 06:03:34

Answer 13

A:

Here goes a simpler way:

char* AddnewlinetoString(char *s)
{
  char buffer[strlen(s)+1];
  snprintf(buffer,strlen(s),"%s\n",s);
  return buffer;
}

gameover 2010-09-26 14:30:11

ansaurus

tags:

views:

answers:

Microsoft interview Question: Find the errors in this function

related questions