ansaurus

Question

Answer 1

+12 A:

scanf("%s", ...)

This expects a buffer (scanf needs to write into it) and you give it an uninitialized pointer, that could point anywhere.

Consider doing one of the following:

Make Name a character buffer instead:

typedef struct
{
    int Level;
    char Name[100];
} Base;

Initialize it from the heap:

baseStruct.Name = malloc(100); /* do not forget to cleanup with `free()` */

You should also specify max string length in scanf format string to prevent overflow:

/* assume 'Name' is a buffer 100 characters long */
scanf("%99s", baseStruct.Name);

Alex B 2010-10-06 23:40:02

@Alex B: Max string length is optional from the `scanf` point of view, but in order to ensure that you will get a working program it should be treated as mandatory. Not including the max length specifier will create yet another program vulnerable to buffer overflows.

Schedler 2010-10-07 00:10:23

@Schedler I'm not sure what you mean. That's exactly what I said in my answer, no?

Alex B 2010-10-07 00:20:32

Answer 2

+1 A:

Name is just an uninitialized pointer to a string. It doesn't point to anything useful. You'll need to initialize it properly to a string buffer. Also, you may want to limit the string through the formatting (like %100s) to make sure you don't overrun your buffer.

EboMike 2010-10-06 23:41:03

Where do you find a version of the STL for C?

Sinan Ünür 2010-10-06 23:53:52

Well, sue me, I missed me tag that this is a C-specific problem.

EboMike 2010-10-07 00:01:11

Answer 3

+1 A:

Don't feel bad everyone makes that mistake. The char * stands for a "pointer to a character" but the memory for the string itself is not allocated.

Add:

baseStruct.Name = malloc(sizeof(char)*100);

(note my syntax may be off a little)

Gabriel 2010-10-06 23:42:16

Of course, this will spectacularly crash if the user enters more than 100 characters. Using scanf on strings is unsafe unless you're absolutely sure about the input.

EboMike 2010-10-06 23:44:08

Also, you'll need to cast the result to char *.

EboMike 2010-10-06 23:44:39

@EboMike This is C. So, no need to cast the return value of `malloc`. @Gabriel `sizeof(char)` is always `1`.

Sinan Ünür 2010-10-06 23:47:25

Answer 4

A:

You haven't allocated any storage for Base.Name. You're scanning a string into a a pointer that doesn't point to any storage.

Allocate some space for the string. The problem is that you don't know how big a string will be copied in using scanf. Suppose you malloc 256 bytes and then scanf loads in a 300 byte string? Either allocate a string sufficiently large to handle all possible results from scanf, or modify your scanf to limit the characters, like:

baseStruct.Name = malloc(sizeof(char) * 256);
scanf("%256s", baseStruct.Name);

Kluge 2010-10-06 23:47:48

The standard says `sizeof(char)` is always 1, so it's not really necessary.

Alex B 2010-10-06 23:51:08

**Ouch!** You allocated 256 bytes and specified `%256s`.

Sinan Ünür 2010-10-06 23:53:11

`sizeof(char)` is always 1, so it is redundant. Alternatively, you *could* use `sizeof(*baseStruct.Name)` if it is likely that the type of `baseStruct.Name` could change from `char*` to `wchar_t*`, etc.

dreamlax 2010-10-06 23:57:15

@Kludge: I think allocating a string sufficiently large is not a realistic option, as the size of this string would likely be exactly the maximum size `malloc` can return under, leaving the program still vulnerable to buffer overflows.

Schedler 2010-10-07 00:08:01

@Sinan: Ouch is right. Should have been %255s. @dreamlax: Also right. Sigh...

Kluge 2010-10-07 00:08:54

Answer 5

A:

As others have pointed out, baseStruct.Name does not point to a valid memory region. However, allocating a fixed sized buffer is no safer. For a learning exercise, use

typedef struct
{
    int Level;
    char Name[1];
} Base;

and enter long strings to examine effects of buffer overflows.

For safe handling of input of indeterminate length, use fgets and sscanf or strtol (or strtoul if Base.Level cannot be negative.

Here is an example:

#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define INITIAL_BUFSIZE 100
#define MAX_BUFSIZE 30000

char *myreadline(FILE *fin) {
    char *buffer;
    int offset = 0;
    int bufsize = INITIAL_BUFSIZE;
    buffer = malloc(bufsize);

    if ( !buffer ) {
        return NULL;
    }

    while ( fgets(buffer + offset, bufsize, fin) ) {
        size_t last = strlen(buffer) - 1;
        if ( buffer[last] == (char) '\n' ) {
            buffer[last] = 0;
            break;
        }
        else {
            char *tmp;
            offset += bufsize - 1;
            bufsize *= 2;
            if ( bufsize > MAX_BUFSIZE ) {
                break;
            }
            tmp = realloc(buffer, bufsize);
            if ( !tmp ) {
                break;
            }
            else {
                buffer = tmp;
            }
        }
    }
    return buffer;
}

int myreadint(FILE *fin, int *i) {
    long x;
    char *endp;
    char *line = myreadline(fin);

    if ( !line ) {
        return 0;
    }

    x = strtol(line, &endp, 10);

    if ( (!*endp || isspace((unsigned char) *endp) )
            && (x >= INT_MIN) && (x <= INT_MAX ) ) {
        *i = (int) x;
        free(line);
        return 1;
    }

    return 0;
}

typedef struct base_struct {
    int Level;
    char* Name;
} Base;

int main(int argc, char *argv[]) {
    Base bs;
    int i;

    puts("Enter name:");
    bs.Name = myreadline(stdin);
    if ( !bs.Name ) {
        fputs("Cannot read Name", stderr);
        return EXIT_FAILURE;
    }

    puts("Enter level:");
    if ( myreadint(stdin, &i) ) {
        bs.Level = i;
        printf("Name: %s\nLevel: %d\n", bs.Name, bs.Level);
        free(bs.Name);
    }
    else {
        fputs("Cannot read Level", stderr);
        return EXIT_FAILURE;
    }


    return 0;
}

Output:

C:\Temp> t
Enter name:
A dark and mysterious dungeon
Enter level:
3456772
Name: A dark and mysterious dungeon
Level: 3456772

Sinan Ünür 2010-10-06 23:51:06

I don't think just using `sscanf` instead of `scanf` will make any difference. You still have to put max string length in the format specifier if using either of them.

Alex B 2010-10-06 23:54:02

Using `fgets` to read input allows you to adjust the buffer size to accommodate any practical size string by using `realloc`. You can then use `sscanf` or `strto(ld)` to convert numbers. Obviously, you would not use `sscanf` when you are just reading a string.

Sinan Ünür 2010-10-06 23:59:03

@Sinan OK I see what you mean.

Alex B 2010-10-07 00:00:24

ansaurus

tags:

views:

answers:

Why does this C program crash?

related questions