Overflow

[valthyx]

guys, this is my code:

Code:

int array[5];
int index;
int i;

for (i=0;i<5;i = i+1)
  {
 printf ("please enter integer number %d:", i+1);
   scanf ("%f", &array[i]);
}

printf ("which integer number you want to see");
fflush (stdin);
scanf ("%d", &index);
printf ("number %d is %f", index, array[index-1]);

i entered 1.1, 2.2, 3.3, 4.4, 5.5 into the array and when it prompt for the "which integer number you want to see" i entered 5, so it showed 5.5. However, what if i typed 6 or some other numbers? Will it cause my program to be vulnerable?

[laserlight]

Your code seems to have an infinite loop since 1 < 5 is always true. Stop using fflush(stdin).

However, what if i typed 6 or some other numbers? Will it cause my program to be vulnerable?

Your program already is vulnerable since it does not check to prevent array out of bounds access.

[matsp]

Right, so you store float values in an integer, array, and then pass that onto printf with a float type output. That's definitely in "undefined behaviour" land.

If you use the correct types, you should get the correct values.

Also, fflush(stdin) is undefined - it MAY do what you expect it to do, but it may also explode in your face if you are not so lucky - see the FAQ.

As to the array overflow - since you are not STORING values in the array, it's fairly harmless. Beyond showing values of complete rubbish, the most likely bad thing that can happen is that the process gets killed for accessing outside of it's allowed memory [1]. Vulnerability from array index overflows happen when the user can WRITE to memory that is beyond what he/she is supposed to enter data into. This is particularly so if the memory also can lead to execution of the data entered, such as local array variables.

[1] Note however that in certain situation, this can stop other processes from functioning correctly. For example, if the current process creates a lock-file to prevent other processes of the same kind from accessing some shared resource, then that lock-file should be removed when the process exits, but it being killed like this, it will not exit the normal way - not even exit-handlers such as "onexit()" will run.

--
Mats

[matsp]

Your code seems to have an infinite loop since 1 < 5 is always true.

Huh?

--
Mats

[cyberfish]

Code:

i = i+1)

More conventionally

Code:

i++)

[laserlight]

Huh?

Yes, it was a 1, not an i or an l. Speaking of which: valthyx, next time copy and paste from your editor/IDE instead of rewriting the code. It makes things more difficult when new typographical errors obscure what you are talking about in your actual code.

[valthyx]

Laserlight.. sorry, yes, i retyped it (error-prone),.

Why shouldnt i use fflush()? what else can i use?

I use it because my tutorial taught me so. I am still new.

[cyberfish]

see the FAQ

Have you?

[matsp]

Laserlight.. sorry, yes, i retyped it (error-prone),.

Why shouldnt i use fflush()? what else can i use?

I use it because my tutorial taught me so. I am still new.

Your tutorial is teaching you BAD habits!

--
Mats

[valthyx]

I am actually leaning c programming from video traning. He taught me those wrong things.

Previously, I tried to learn from "The C programming language 2nd edition" but sometimes I could not follow the tutorials in there, I felt that it is lack of explanation. So, i decided to stop reading it. Please suggest some other books where it will teach you from beginner to advanced level. And I would like to learn about socket programming and those #include signal.h (includes)..etc....as well.

Any suggestion of books?

[BEN10]

I am actually leaning c programming from video traning. He taught me those wrong things.

Previously, I tried to learn from "The C programming language 2nd edition" but sometimes I could not follow the tutorials in there, I felt that it is lack of explanation. So, i decided to stop reading it. Please suggest some other books where it will teach you from beginner to advanced level. And I would like to learn about socket programming and those #include signal.h (includes)..etc....as well.

Any suggestion of books?

I would suggest you Let Us C by Yashwant kanetkar. I know that that book doesn't follow standard C but it will definitely give you deep explanation of everything. And once you know the basics you can go to other advanced books also.

[nonoob]

Also, fflush(stdin) is undefined - it MAY do what you expect it to do, but it may also explode in your face if you are not so lucky - see the FAQ.

I'd like to look that up but I did a search for "flush", "fflush", "stdin" in the FAQ forums and couldn't find anything.

[ಠ_ಠ]

I'd like to look that up but I did a search for "flush", "fflush", "stdin" in the FAQ forums and couldn't find anything.

really? because it's the first result for all of those

[tabstop]

I'd like to look that up but I did a search for "flush", "fflush", "stdin" in the FAQ forums and couldn't find anything.

Not that hard to find: Cprogramming.com FAQ > Why fflush(stdin) is wrong

[nonoob]

Sorry, people. I was looking in the "FAQ Board" ( FAQ Board ). Now I don't know what good that place is.