Thread: Buffer overflow issue.

  1. #1
    Registered User caroundw5h's Avatar
    Join Date
    Oct 2003
    Posts
    751

    Buffer overflow issue.

    So I was told if you use
    Code:
    char whatever[BUFSIZE +1]
    you could prevent buffer overflow. However, on compiling a test program, it returned BUFSIZE to have 513 bytes max. Doesn't that mean if you go over 514 then you can have a buffer overflow?

    Or does it make a difference if you use
    Code:
    scanf()
    or
    Code:
    gets()
    to get the user inputs.

    Here is my code to determine BUFSIZ
    Code:
    /* scanfTEST.c */
    
    #include <stdio.h>
    #include <stdlib.h>   /* system() */
    #include <string.h>   /* strlen() */
    #include <ctype.h>
    #define PRAISE "My that is a nice name"
    
    int main (void)
    {
        char name[BUFSIZ+1];
        int size, nameLEN;
    
        printf("What is your name?\n");
        scanf(" %s", name); /* ignores leading whitespace but not the following whitespace */
        size = (int) sizeof (name);    /* sizeof and strlen yield size_t; cast to match %d */
        nameLEN = (int) strlen(name);
    
        printf("Hello, %s. %s\n", name, PRAISE);
        printf("Your name can hold max %d bytes. But it is now of %d characters\n", size, nameLEN);
        system("pause");
        return (0);
    }

  2. #2
    Code Goddess Prelude's Avatar
    Join Date
    Sep 2001
    Posts
    9,897
    >you could prevent buffer overflow.
    No, you're confusing the operations of the input buffer with buffer overrun, where data is written beyond the boundaries of memory that you own.

    >scanf()
    Use of scanf is fine as long as you use it correctly. Otherwise it's awkward and unsafe.

    >gets()
    There's no way to make gets safe, forget it even exists and you'll be better off.
    My best code is written with the delete key.

  3. #3
    Registered User caroundw5h's Avatar
    Join Date
    Oct 2003
    Posts
    751
    Originally posted by Prelude
    >>you could prevent buffer overflow.
    No, you're confusing the operations of the input buffer with buffer overrun, where data is written beyond the boundaries of memory that you own.

    Could you explain a bit more please? Buffer overrun is when data is written beyond what? Your memory/storage capacity? So buffer overflow is what? Beyond your input buffer? Ex:
    Code:
    char buffer[40]
    anything beyond that is overflow? Is that correct? Would you even be able to input data beyond what is specified in the array?

  4. #4
    Code Goddess Prelude's Avatar
    Join Date
    Sep 2001
    Posts
    9,897
    >Could you explain a bit more please.
    The input buffer is a mechanism for efficiency. If the buffer is 512 bytes, then to avoid expensive I/O operations any new data will be passed to the buffer, not written to the final destination. When the buffer is full, it writes its contents to the final destination. The important thing to notice is that if there is more data, this process continues whether your program can handle it or not. If the input buffer holds 40 characters but the user enters 50, your program still gets 50.

    Buffer overflow is a bug in your code where your program receives more data than it can handle and begins trashing memory that it doesn't own. If you have an array that can only hold 40 characters, yet the user enters 50 and you aren't prepared for 50, that is buffer overflow. Buffer overflow and buffer overrun are synonyms. The distinction you need to make is the system's input buffer and your program's input buffer.
    My best code is written with the delete key.
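
The 40-character array and 50-character input from the last post, as an added example that is not part of the thread: a bounded line read with `fgets` that reports truncation and discards the excess, plus the `scanf`-family form with an explicit field width. The helper names `read_line` and `read_word40` are hypothetical.

```c
/* Added example: bounded reads into a fixed array (helper names are hypothetical). */
#include <stdio.h>
#include <string.h>

/* Read one line from in into dst (cap bytes, including the '\0').
 * Returns 0 if the line fit, 1 if it was cut short (the excess is discarded
 * so it cannot spill into the next read), -1 on EOF or error. */
int read_line(FILE *in, char *dst, size_t cap)
{
    size_t len;
    int c, dropped = 0;

    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';          /* whole line fit; strip the newline */
        return 0;
    }
    /* No newline stored: the line was longer than cap - 1 characters, or the
     * input ended without one. Drain to the end of the line and report
     * whether any characters had to be thrown away. */
    while ((c = getc(in)) != '\n' && c != EOF)
        dropped = 1;
    return dropped;
}

/* scanf-family equivalent for one whitespace-delimited word: the field width
 * is the array size minus one, leaving room for the terminating '\0'. */
int read_word40(FILE *in, char dst[40])
{
    return fscanf(in, "%39s", dst) == 1 ? 0 : -1;
}

int main(void)
{
    char name[40];
    int rc;

    printf("What is your name?\n");
    rc = read_line(stdin, name, sizeof name);
    if (rc < 0)
        return 1;
    printf("Hello, %s.%s\n", name, rc ? " (input was truncated)" : "");
    return 0;
}
```

With `read_word40` the characters beyond the width stay in the stream for the next read, whereas `read_line` throws them away.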
