I found a replace string by string...how secure it is?


  1. #1
    Registered User Joelito's Avatar
    Join Date
    Mar 2005
    Location
    Tijuana, BC, México
    Posts
    308

    I found a replace string by string...how secure it is?

    Code:
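    #include <windows.h>   /* CopyMemory, lstrcpy */
    #include <string.h>    /* strstr, strlen */

    int SearchAndReplace(char *outString, char *inString, char *searchString, char *replaceString)
    {
        char *p;
        int lenReplace, lenSearch, len, count = 0;

        while ((p = strstr(inString, searchString)) != NULL)
        {
            /* Measure the search and replacement strings once, on the first match. */
            if (count == 0)
            {
                lenReplace = strlen(replaceString);
                lenSearch  = strlen(searchString);
            }
            count++;
            /* Copy the text before the match, then the replacement. */
            len = p - inString;
            CopyMemory(outString, inString, len);
            outString += len;
            inString = p + lenSearch;
            CopyMemory(outString, replaceString, lenReplace);
            outString += lenReplace;
        }
        /* Copy whatever follows the last match, including the terminator. */
        lstrcpy(outString, inString);
        return count;
    }
    How effective is it? Any leaks?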
    * PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with xfce4.
    * Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with xfce4.

  2. #2
    Registered User hk_mp5kpdw's Avatar
    Join Date
    Jan 2002
    Location
    Northern Virginia/Washington DC Metropolitan Area
    Posts
    3,801
    There seems to be no capacity to prevent overwrites of the destination character array (outString)... you can potentially write more to this array than its capacity can hold. Since this is the C++ forum, how about using a std::string version of the function where you wouldn't have to worry about that kind of thing, something like:

    Code:
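    #include <string>
    using std::string;

    int SearchAndReplace(string& out_str, const string& in_str,
                         const string& find_str, const string& replace_str)
    {
        string::size_type indx = 0;
        int count = 0;

        out_str = in_str;
        // An empty search string matches at every position and would never terminate.
        if( find_str.empty() )
            return 0;
        // out_str grows as needed, so there is no fixed buffer to overrun.
        while( (indx = out_str.find(find_str,indx)) != string::npos )
        {
            out_str.replace(indx,find_str.length(),replace_str);
            indx += replace_str.length();   // skip past the inserted text
            ++count;
        }
        return count;
    }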
    "Owners of dogs will have noticed that, if you provide them with food and water and shelter and affection, they will think you are god. Whereas owners of cats are compelled to realize that, if you provide them with food and water and shelter and affection, they draw the conclusion that they are gods."
    -Christopher Hitchens

  3. #3
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,531
    Well it's pretty poor to use char* for strings in C++

    All except outstring should be declared as const.

    There is no indication of the length of the buffer outstring points to (buffer overflows abound)
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  4. #4
    Registered User Joelito's Avatar
    Join Date
    Mar 2005
    Location
    Tijuana, BC, México
    Posts
    308
    Thanks to everyone:

    Does anyone know a C style one?
    * PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with xfce4.
    * Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with xfce4.

  5. #5
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,531
    > Does anyone know a C style one?
    That is a C style one.

    Or do you mean how to make it safer?

    Well pass an out length for starters, and code it in yourself. Post your attempt here for further comment.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.
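
One way to follow the advice in post #5 (pass the output length and check it before every copy), as an added example that is not code from any poster in this thread. The name `SearchAndReplaceN`, the `-1` error return, the rejection of an empty search string and the use of standard `memcpy` in place of `CopyMemory`/`lstrcpy` are assumptions of this example; the input and output buffers must not overlap.

```c
#include <stddef.h>
#include <string.h>

/* Bounded search-and-replace (added example, hypothetical name).
 * outSize is the full capacity of out in bytes, terminator included.
 * Returns the number of replacements, or -1 if an argument is invalid
 * or the result would not fit; on failure out holds an empty string. */
int SearchAndReplaceN(char *out, size_t outSize, const char *in,
                      const char *search, const char *replace)
{
    size_t lenSearch, lenReplace, lenPrefix, lenTail, used = 0;
    const char *p;
    int count = 0;

    if (!out || outSize == 0 || !in || !search || !replace)
        return -1;
    out[0] = '\0';
    lenSearch = strlen(search);
    lenReplace = strlen(replace);
    if (lenSearch == 0)            /* an empty pattern would match forever */
        return -1;

    /* Invariant: used <= outSize - 1, so the subtractions cannot wrap. */
    while ((p = strstr(in, search)) != NULL) {
        lenPrefix = (size_t)(p - in);
        if (lenPrefix > outSize - used - 1 ||
            lenReplace > outSize - used - 1 - lenPrefix)
            goto overflow;         /* prefix + replacement + NUL will not fit */
        memcpy(out + used, in, lenPrefix);
        used += lenPrefix;
        memcpy(out + used, replace, lenReplace);
        used += lenReplace;
        in = p + lenSearch;
        count++;
    }
    lenTail = strlen(in);
    if (lenTail > outSize - used - 1)
        goto overflow;
    memcpy(out + used, in, lenTail + 1);   /* the +1 copies the terminator */
    return count;

overflow:
    out[0] = '\0';   /* never hand back a partial or unterminated result */
    return -1;
}
```

Failing closed with an empty string, rather than truncating, keeps a caller that ignores the return value from acting on a half-replaced result.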
