Why can an array take more values than declared?

 #include <stdio.h>

 int main(void)
 {
     char name1[5];
     int count;
     printf("Please enter names\n");
     count = scanf("%s", name1);   /* "%s" has no width: writes past name1 on long input */
     printf("You entered name1 %s\n", name1);
     return 0;
 }

When I entered more than 5 characters, it printed the characters as I typed them, more than 5, even though the char array is declared as:

 char name1[5]; 

Why did this happen?

+4

6 answers

Because the characters are stored at the addresses after the "storage space". This is very dangerous and can lead to malfunctions.

e.g. Suppose you enter the name Michael, and the variable name1 starts at 0x1000.

 name1:  M      i      c      h      a      e      l      \0
         0x1000 0x1001 0x1002 0x1003 0x1004 0x1005 0x1006 0x1007
        [..................................]

The allocated space is shown with [...]. This means that the memory at 0x1005 is overwritten.

Solution:

Copy only 5 characters (including the \0 at the end), or check the length of the entered string before copying it.

+12

This is undefined behavior; you are writing outside the allocated memory. Anything can happen, including the program working correctly.

Section J.2 Undefined Behavior of the C99 draft standard says:

The behavior is undefined in the following cases:

and contains the following bullet:

An array subscript is out of range, even if an object is apparently accessible with the given subscript (as in the lvalue expression a[1][7] given the declaration int a[4][5]) (6.5.6).

This applies to the more general case as well, since E1[E2] is identical to (*((E1)+(E2))).

+6

This behavior is undefined; you cannot count on it. It just happens to work; it may not work on another machine.

To avoid buffer overflow, use

 fgets(name1, sizeof(name1) - 1, stdin); 

or in C11

 gets_s(name1, sizeof(name1) - 1); 

+2
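As an added example (not code from any of the answers above), here is a bounded way to read into the question's char name1[5]: fgets with detection of truncated lines, and scanf's field width as the drop-in replacement for scanf("%s"). tmpfile() stands in for stdin so the constructed input runs offline.

```c
#include <stdio.h>
#include <string.h>

enum { NAME_CAP = 5 };   /* same size as name1[5] in the question */

/* Read one line into dst[cap] with fgets, which never stores more than
 * cap-1 characters plus '\0'. Returns 1 if the whole line fitted, 0 if it
 * was truncated (the rest of the line is discarded so it cannot spill into
 * the next read), -1 on EOF/error with nothing read. */
int read_line_bounded(char *dst, size_t cap, FILE *in) {
    if (fgets(dst, (int)cap, in) == NULL) return -1;
    char *nl = strchr(dst, '\n');
    if (nl != NULL) { *nl = '\0'; return 1; }   /* newline seen: complete */
    /* No newline stored: either the line exactly filled the buffer
     * (next char is '\n'/EOF) or it was longer and must be drained. */
    int c = getc(in);
    if (c == '\n' || c == EOF) return 1;
    while (c != EOF && c != '\n') c = getc(in);
    return 0;
}

/* scanf's field width: "%4s" stores at most 4 chars plus '\0', so it is the
 * bounded form of the question's scanf("%s", name1). The width must be
 * NAME_CAP - 1. sscanf stands in for scanf to run on constructed input.
 * Returns the number of characters stored. */
size_t read_word_bounded(char *dst, const char *line) {
    dst[0] = '\0';
    if (sscanf(line, "%4s", dst) != 1) return 0;
    return strlen(dst);
}

/* Constructed stand-in for stdin holding the given text. */
static FILE *constructed_input(const char *text) {
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

int main(void) {
    char name1[NAME_CAP];
    FILE *in = constructed_input("Michael\nBob\n");   /* constructed sample */
    if (in == NULL) return 1;
    int r = read_line_bounded(name1, sizeof name1, in);
    printf("fgets: \"%s\" (%s)\n", name1, r == 1 ? "complete" : "truncated");
    r = read_line_bounded(name1, sizeof name1, in);
    printf("fgets: \"%s\" (%s)\n", name1, r == 1 ? "complete" : "truncated");
    fclose(in);
    read_word_bounded(name1, "Michael");
    printf("sscanf %%4s: \"%s\"\n", name1);
    return 0;
}
```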

Another example to make everything clearer:

  #include <stdio.h>

  int array[5];

  int main(void)
  {
      array[-1] = array[-1];     // sounds strange??
      printf("%d", array[-1]);   // but it works!!
      return 0;
  }

In this case you will get the number stored before or after this address, but this behavior is undefined if you do not know what you are doing. Pointers in C work with ++ or --!

+2

Other answers clearly show that this is a vulnerability for your program.

What can you learn from this? Suppose that

  int func(void)
  {
      char buffer[1];
      ...

In almost every C compiler implementation, the code generated here creates a local area on the stack and lets you access that stack at the address given by buffer. This stack also contains other important data, for example the address of the next line of code that will run after the function returns to the caller.

So you could theoretically:

  • Enter a lot of code into your input function,
  • Create code that defines (in binary) a new function that does something ugly,
  • Overwrite the correct return address (on the stack) with the address the new function will have, by writing outside the buffer.

This is called a buffer overflow exploit; you can read about it here (and in many other places).

+1

Yes, this is allowed in C since there is no bounds check.

+1

Source: https://habr.com/ru/post/1491456/
