Thread: How to get back-to-back digits from the first line in any file

X1.txt

Code:

July15 
July1 
August15 
August1

I managed to get something done using C since my previous question. I finally thought to extract the lines I needed instead of deleting the ones I don’t. I’ts not perfect but it’s better then nothing. Now I’m trying to get the digits that are in the first line in a file and copy them to array_2 so that I can operate on it latter. This code can only get one digit and that’s no good. What is needed to make this work?

Code:

#include <string.h>
#include <stdio.h>
#include <ctype.h>

#define BUFFER_MAX 512
#define MEM (BUFFER_MAX+1)

FILE *fptr, *fptw;
char array_1[MEM];
char array_2[MEM];

int main()
{

  unsigned int len1;
  unsigned int len2;

  fptw = fopen("X2.txt", "w");
  fclose(fptw);

  // read file into a buffer.
  fptr = fopen("X1.txt", "r");
  len1 = fread(array_1, sizeof(char), BUFFER_MAX, fptr);
  array_1[len1] = '\0';
  fclose(fptr);

  // get digits from the first line in a file.
  char *s = array_1;
  if (!isdigit(*s)) {
    while (*s && !isdigit(*++s));
  }
  if (*s)
    putchar(*s);

  printf("  size=\%db.  One number missing.\n", len1);
  return 0;
}

Result: 1 size=30b. one number missing.

Write a function to extract the digits in a string. Test it. After you are sure, you can then use this function on the lines of your text file by reading them as strings.

If it’s out there, I read and tested tons of C functions doing these past hours that will not grab more then one plain number just like the block in my example. This is strike-3 for me.

I keep coming back to this since nothing works off the WWW and nothing that I can figure:: Is there a way to make this loop or continue to get the 2^nd number directly next to it if any?

Code:

char *s = array_1;
if (!isdigit(*s)) {
  while (*s && !isdigit(*++s));
}
if (*s)
  putchar(*s);

printf("  size=\%db.  One number missing.\n", len1);

I was thinking along the lines of:

Code:

char *extract_consecutive_digits(const char *input, char *output, size_t output_size)
{
    const char *digits = input + strcspn(input, "0123456789");
    size_t i = 0;
    while (i < output_size - 1 && isdigit(digits[i]))
    {
        output[i] = digits[i];
        ++i;
    }
    output[i] = '\0';
    return output;
}

Originally Posted by jc2020

I finally got something to work! It was there aready. I just needed to print the s-varable.

Code:

  printf(s);


fopen( "c.txt", "wb" );
fwrite( s, 1, 3, fptw );
fclose(fptw);

Theres a warning but I'm not going to let it worry me right now.

Code:

/matchDate.c:55:10: warning: format string is not a
      string literal (potentially insecure) [-Wformat-security]
  printf(s);
         ^
1 warning generated.

It's a security weakness.

See Denial of Service here

It's not just a security issue, it's a potential bug even under normal usage by a trusted user: if the string accidentally is constructed to contain a format specification, the behaviour is then undefined. It's only not a bug if you have constructed the format string from a string literal itself such that you are sure that it cannot contain anything that will be specially interpreted as part of a format string. It is a potential bug in all other cases, regardless of where you deploy the program.

As for how much of a security issue it could be: in each of your cases, ask yourself if a malicious user could control the input.

Thanks you for the explanation @laserlight and @Click_here for bringing this to the light.


I always figure it depends on the situation but those hints are never included. Now I know on a scale of 0 -100% safety, it is still a potential bug. I’m happy to know this because I will not be leaving any form of print() functions in production code. That little piece of isdigit code works flawlessly so I removed:

Code:

if(*s)
putchar(*s);
printf(s);

… and now the warning is gone.

The key is how you save with fwrite to get more back-to-back numbers to show. Now things are finally becoming clear to me.

Would this effect a standalone c-program running inside a jail which has no connection to the internet what-so-ever?

It's those sort of assumptions that people look for.

Remember, just because we can't think of a way someone can access the programme, doesn't mean someone else can't.

An example of this is when people leave their 2nd story balcony door open on hot days with the assumption that no one can get on it - Makes sense, right? But for someone who wants to get in, all they would need is a ladder. You could then say, "but someone will see them working up to the house with a ladder" - But most houses keep their ladders outside up against the house... My point is that when you start making assumptions, you need to understand that they are sometimes wrong.

Don't leave a window open in your code and think that no one will think of a way to get to it.

My only remaining question is how would I save it to array_2 so I can operation on it latter before closing the program? or how to use memcopy I guess?

strncpy is probably what you are after.

Originally Posted by jc2020

I finally got something to work! It was there aready.

That's only true if you know for sure that the input ends in digits only.

Originally Posted by jc2020

I will not be leaving any form of print() functions in production code.

If you want to print to standard output, printf is fine. It was your use of it that was problematic. You could have written:

Code:

printf("%s\n", s);

You will find a similiar idea if you ever deal with SQL and database libraries: to avoid SQL injection, the best practice is to separate the data from the code. For such databases, the code is the SQL code with placeholders and the data consists of the values/variables to be bound to the placeholders, whereas for printf, the "code" is the format string with format specifiers and the "data" consists of arguments corresponding to the format specifiers.