system() , strtok() and pointers

This is a discussion on system() , strtok() and pointers within the C Programming forums, part of the General Programming Boards category; System() : I've seen many programmers who doesn't recommend using system() for the following reasons : a. They say that ...

  1. #1
    former member Brain Cell's Avatar
    Join Date
    Feb 2004
    Posts
    472

    Post system() , strtok() and pointers

    1. System() :
      I've seen many programmers who doesn't recommend using system() for the following reasons :

      a. They say that someone may "map" your program to do something else and you wouldn't know about it.

      What does that mean? does "he" like replace the program between the quotes (in system()) with another malicious program using the same name for example?

      b. They say its slow in bigger programs. I don't understand this part , why would it go slow?? and are there any other cons for system()?


    2. strtok() , when you use it on a string , then use it again with NULL as its first argument it would continue on the same string right?

      What i wanna know is , does it save the string as "static" on the first call and check later if i wanna use the same string or not? (might be stupid question but im curious).

      and how\where can i see the code of a standard function? (im using VC++)

    3. I just noticed that all kinds of pointers (double , int , long , char) are 4 bytes big. Is this a constant size on all computers? or is the size at least the same for all pointers on all computers?

      *EDIT* and what does my computer fill in those 4 bytes, the object's adress in memory?



    thanks for your time
    Last edited by Brain Cell; 12-17-2004 at 11:38 AM.
    My Tutorials :
    - Bad programming practices in : C
    - C\C++ Tips
    (constrcutive criticism is very welcome)


    - Brain Cell

  2. #2
    C Programmer Stack Overflow's Avatar
    Join Date
    Apr 2004
    Posts
    477
    Hello,

    1) Following information below:

    a. By calling system(), you are invoking the default shell. For example, system("pause"); The shell executes the command-line given to it which runs the 'pause.exe' program. So your simple c program is relying on two external programs for checking a single key press. Though, what if someone deleted or renamed 'pause.exe'? Better yet, what if someone tried to compile your program on unix, or another operating system...It wouldn't work

    b. I would have to say that a is the main reason. It has to invoke a shell which takes time. It has to run a seperate program too, i.e. pause.exe.

    2) To parse a string, you must call strtok multiple times. The first time pass the string as the first parameter to strtok; for the second and subsequent calls, pass a null pointer. Because strtok saves str, you can have only one series of strtok calls active at a time. Each call to strtok can use a different delimset.

    When strtok is called with a null pointer as the first parameter, it starts searching for the next token at the same point where the previous search ended.

    Edit: strtok source

    3) I'm not entirely sure. I do know pointers are 4 bytes in 32-bit Windows environments. Note that pointers themselves are allocated from the stack, just like local variables (a 32-bit pointer would use 4 bytes from the stack, and then the memory required for the record would be allocated from the heap).

    Edit: Here is a sample:
    Code:
    Sample Code Location Data
    int Number = 0x555141;	1004		0x555141
    int *pNumber = &Number;	1008		1004
    int n = *pNumber;	100C		0x555141
    - Stack Overflow
    Last edited by Stack Overflow; 12-17-2004 at 11:51 AM. Reason: More info.
    Segmentation Fault: I am an error in which a running program attempts to access memory not allocated to it and core dumps with a segmentation violation error. This is often caused by improper usage of pointers, attempts to access a non-existent or read-only physical memory address, re-use of memory if freed within the same scope, de-referencing a null pointer, or (in C) inadvertently using a non-pointer variable as a pointer.

  3. #3
    & the hat of GPL slaying Thantos's Avatar
    Join Date
    Sep 2001
    Posts
    5,681
    Since Stack covered 1 & 2 I'll take number 3:
    I just noticed that all kinds of pointers (double , int , long , char) are 4 bytes big. Is this a constant size on all computers? or is the size at least the same for all pointers on all computers?

    *EDIT* and what does my computer fill in those 4 bytes, the object's adress in memory?
    4 bytes is no standard accross all computers. There are platforms where a void * would be 2 bytes and all other pointers are 3 bytes. On a 64 bit system I wouldn't be surprised to see 8 byte pointers.

    A pointer will hold the address at the minimum. They can also hold the type (or at least the size of the type).

  4. #4
    Just Lurking Dave_Sinkula's Avatar
    Join Date
    Oct 2002
    Posts
    5,006
    Quote Originally Posted by Stack Overflow
    Note that pointers themselves are allocated from the stack, just like local variables
    If you so choose -- that is, you can have global or dynamic pointer variables as well.
    7. It is easier to write an incorrect program than understand a correct one.
    40. There are two ways to write error-free programs; only the third one works.*

  5. #5
    former member Brain Cell's Avatar
    Join Date
    Feb 2004
    Posts
    472
    Thanks alot Stack and Thantos

    I still need to know why some say that system() is slow. (if i remember well , Prelude said that once)
    My Tutorials :
    - Bad programming practices in : C
    - C\C++ Tips
    (constrcutive criticism is very welcome)


    - Brain Cell

  6. #6
    C Programmer Stack Overflow's Avatar
    Join Date
    Apr 2004
    Posts
    477
    You're welcome.

    And you can find Prelude's post(s) about that here, here or here.


    - Stack Overflow
    Last edited by Stack Overflow; 12-17-2004 at 12:28 PM. Reason: Another link.
    Segmentation Fault: I am an error in which a running program attempts to access memory not allocated to it and core dumps with a segmentation violation error. This is often caused by improper usage of pointers, attempts to access a non-existent or read-only physical memory address, re-use of memory if freed within the same scope, de-referencing a null pointer, or (in C) inadvertently using a non-pointer variable as a pointer.

  7. #7
    former member Brain Cell's Avatar
    Join Date
    Feb 2004
    Posts
    472
    I was talking about this post. I guess my searching skills betrayed me this time

    When i read what Prelude said about the time system() needs to successfly execute , i thought of a little experiment :
    Code:
    #include <stdio.h>
    #include <stdlib.h>
    
    int main(void)
    {
    	printf("one");
    	system("CLS");
    	printf("two");
    	system("CLS");
    	printf("three");
    	system("CLS");
    	printf("four");
    	system("CLS");
    	printf("five");
    	system("CLS");
    	printf("final\n");
    	return 0;
    }
    And its really slow , i just didn't notice it in my programs. Thanks again Stack
    My Tutorials :
    - Bad programming practices in : C
    - C\C++ Tips
    (constrcutive criticism is very welcome)


    - Brain Cell

  8. #8
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,824
    > # I just noticed that all kinds of pointers (double , int , long , char) are 4 bytes big. Is this a constant size
    > on all computers?
    Nope - http://www.eskimo.com/~scs/C-faq/q5.17.html

  9. #9
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    If you are making code that will be ported you should never take a pointer size for granted. Its wise to use the sizeof() operator in place of a hard-coded numeric value. As far as all kinds of pointers being the same size, if you do a sizeof() on a pointer to a function you may find its larger than you had expected.

    [edit]
    Oops I got so caught up in the way the thread digressed I forgot to add my original point The thing with system() is an issue, yes, but also bear in mind no matter what you do to spawn another process, unless you give a full path to the program, malicious code can still be added. When people say this I think they mostly refer to rerouting your program to call an evil version of programs such as pause. But if you are wanting to get rid of that issue, you could always call pause via its full path.

    In the case of pause, I suggest using code such as:

    Example:
    Code:
    puts("Please press any key to continue.");
    getchar();
    [/edit]
    Last edited by master5001; 12-18-2004 at 01:34 AM.

  10. #10
    former member Brain Cell's Avatar
    Join Date
    Feb 2004
    Posts
    472
    Salem :
    Thanks for the link . I'll read it when im done with my exams

    master5001 :
    Thanks for the addition. I don't actually use system() for pausing my programs. I know its "bad" but i wanted to know why

    But if you are wanting to get rid of that issue, you could always call pause via its full path.
    but the possibility of replacing the pause program would still exist. I mean someone can replace the program in the actual folder\path right?
    My Tutorials :
    - Bad programming practices in : C
    - C\C++ Tips
    (constrcutive criticism is very welcome)


    - Brain Cell

  11. #11
    Widdle Coding Peon Aerie's Avatar
    Join Date
    Dec 2004
    Posts
    115
    Yup.
    I live in a giant bucket.

  12. #12
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Truthfully, sort of doing an md5 checksum on the target paths and compare it to what the md5 checksum of the actual program (which would actually have multiple md5's since most programs have multiple versions floating around) there are some things one must take on faith. If you are as a programmer are calling another process, and that other process has been tampered with in some way, its not technically something that you did wrong. However, there are some things that are bad form. If you use a commonly called program, lets continue using pause as an example, then you are calling a program that may be a more likely target for attack.

    So one must use their best judgement. No one ever said other programmers play fairly.

  13. #13
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Haha, can you imagine doing an md5 to cover all possible versions of, say, ls floating around in the Linux world (not to mention all Unix)? Every architecture, every optimization flag, every compile-time option would give a different checksum. I reckon there must be thousands, if not more, different checksums out there.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  14. #14
    Widdle Coding Peon Aerie's Avatar
    Join Date
    Dec 2004
    Posts
    115
    As many as there are updated versions of that for each distro, plus one for every time someone's compiled it using different libraries, compiler flags, compiler versions, etc...

    I'd say the number's probably at least several million, especially if you take into account things like Gentoo, where stuff's compiled every week or so...
    I live in a giant bucket.

  15. #15
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Yep, which also doesn't even account for the overhead of checking through this fat list of possible md5's for a given process you are spawning. Additionally, calculating an md5 isn't exactly instantaneous. I image that to do this sort of security measure it may make the simple act of having code like this:

    Example:
    Code:
    secure_system("pause"); // function will md5 the pause found, and compare it to a list
    Take several seconds to execute (btw, several is an understatement. an md5 takes 2-7 seconds to calculate on my machine).

Page 1 of 2 12 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. strtok safety
    By Elkvis in forum C++ Programming
    Replies: 12
    Last Post: 07-02-2009, 10:48 AM
  2. A problem with pointers
    By vsla in forum C Programming
    Replies: 2
    Last Post: 10-10-2007, 05:14 AM
  3. strtok function
    By hello124 in forum C++ Programming
    Replies: 8
    Last Post: 04-23-2005, 07:58 AM
  4. any suggestion - pointer, strtok, function etc
    By Unregistered in forum C Programming
    Replies: 1
    Last Post: 01-13-2002, 02:04 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21