Conversation
daniel-falk
left a comment
Hi,
I added some comments about vulnerabilities and error handling :)
/ Daniel
| int i; | ||
| char h[20]; | ||
| printf("Enter your name: \n"); | ||
| scanf("%s",h); //Takes input from the user |
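Review bot: `scanf("%s",h)` has no field width, so any input longer than 19 characters overflows the 20-byte stack buffer `h` declared two lines above; use a bounded read such as `scanf("%19s", h)` or `fgets(h, sizeof h, stdin)`, and check its return value, because on EOF or error `h` is left uninitialized before it is printed.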
Using scanf like this is undefined behavior and can cause a segfault or open up for malicious exploits. This will write the input to the stack until a word separator is found in the input, even if the input is longer than the size of the "h" buffer.
Use:
scanf("%19s", h); // leave 1 byte for the null-terminator
The rest of the line/word will be left in stdin and will be read by the next scanf instead of the number, so consider emptying stdin, e.g.
if (strlen(h) == sizeof(h)-1) { int c; while ((c = getchar()) != '\n' && c != EOF); } // Empty left overs of name (also stop at EOF, otherwise the loop never ends)
| scanf("%s",h); //Takes input from the user | ||
| printf("Your name is: %s\n",h); | ||
| printf("Enter a number: \n"); | ||
| scanf("%d",&i); |
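Review bot: the return value of `scanf("%d",&i)` is discarded; on a non-numeric input scanf returns 0 and leaves `i` unassigned, and `int i;` has no initializer, so the program goes on with an indeterminate value. Guard it with `if (scanf("%d", &i) != 1)` and handle the failure, or read a line and convert it with strtol, which also reports out-of-range values through ERANGE.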
If the input number does not fit in a signed integer it will roll over, if it is not a number it will set i to 0. Some error handling for these cases is good practice, see https://wiki.sei.cmu.edu/confluence/display/c/INT05-C.+Do+not+use+input+functions+to+convert+character+data+if+they+cannot+handle+all+possible+inputs
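A hardened version of both reads discussed in the two comments above, added here as an example that is not part of the pull request: it bounds the name read and drains what did not fit, then converts the number with strtol and rejects junk and out-of-range values as INT05-C recommends. The helper names read_line and parse_int are my own; fgets/strtol replace scanf so that failures are reported instead of silently corrupting h or i.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Read one line into buf (at most n-1 chars), drop the newline, and drain
 * whatever did not fit so it cannot leak into the next read. 1 = ok, 0 = EOF. */
static int read_line(FILE *in, char *buf, size_t n)
{
    if (fgets(buf, (int)n, in) == NULL)
        return 0;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        buf[len] = '\0';             /* whole line fit in the buffer */
    } else {
        int c;                       /* line was longer than n-1: drain it */
        while ((c = getc(in)) != '\n' && c != EOF)
            ;
    }
    return 1;
}

/* Convert a whole line to an int (INT05-C): reject empty input, trailing
 * junk and values that would roll over. Returns 1 and sets *out on success. */
static int parse_int(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0')    /* no digits, or junk after them */
        return 0;
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return 0;                    /* does not fit in a signed int */
    *out = (int)v;
    return 1;
}

int main(void)
{
    char h[20], line[32];            /* same 20-byte name buffer as the PR */
    int i;
    printf("Enter your name: \n");
    if (!read_line(stdin, h, sizeof h)) return 1;
    printf("Your name is: %s\n", h);
    printf("Enter a number: \n");
    if (!read_line(stdin, line, sizeof line) || !parse_int(line, &i)) return 1;
    printf("Number: %d\n", i);
    return 0;
}
```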