473,322 Members | 1,496 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

safe scanf( ) or gets

Hi ! I was wondering how to quickly and safely use a safe scanf( ) or gets
function... I mean.. if I do :

char a[256];
scanf("%s", a);
and the user input a 257 char string..
that creates a problem.. same for gets..

even if you create a char array that's 99999999999999 char long.. if the
user input something longer it will still be a bug.. and I don't want
this..

<OT>
C++ have std::string that dynamicaly realloc themself if they are running
too big, but what about us ?
</OT>

I though about using character input function, from stdin, and then create a
string with this single character, then appending this character to the then
end of a string, and if the string gets too small, realloc( ) a bigger
one.. however this is quite annoying to do this each time I want to read
input.. yes I could create a function with this.. and that's what I gonna
do.. however I was wondering what you C experts were doing to avoid a
segfault or a bug in a such situation

thanks !
Nov 14 '05
57 11666
On Tue, 16 Dec 2003 21:17:57 +0000 (UTC)
Christopher Benson-Manica <at***@nospam.cyberspace.org> wrote:
Flash Gordon <sp**@flash-gordon.me.uk> spoke thus:
Also command line tools are far better (so the support staff tell
me) when you have to log on to a machine across the internet or a
dial up and fix things.


Just to elaborate: Which do you think is faster - accessing a
computer's desktop graphically via PCAnywhere or some such
application, or accessing a computer via ssh on the command line?


My personal experience is that a command line interface is much faster
for such things even if you have a broadband connection rather than just
a dial up.
--
Flash Gordon
Paid to be a Geek & a Senior Software Developer
Although my email address says spamtrap, it is real and I read it.
Nov 14 '05 #51

"Malcolm" <ma*****@55bank.freeserve.co.uk> a écrit dans le message de
news:br**********@newsg4.svr.pol.co.uk...

"Grumble" <in*****@kma.eu.org> wrote in message

Malcolm wrote:
I rest my case.


Is your being a troll now official, then?

We all like a joke at the expense of Microsoft. However anyone who takes
these jokes seriously has disqualified himself as someone who knows
something about the world of computers.


Humm ok that definately tells me how to use stdin securely, thanks
Nov 14 '05 #52
Eric Boutin wrote:

"Malcolm" <ma*****@55bank.freeserve.co.uk> a ecrit dans le message de
news:br**********@newsg4.svr.pol.co.uk...

"Grumble" <in*****@kma.eu.org> wrote in message
>
> Malcolm wrote:
> > I rest my case.
>
> Is your being a troll now official, then?
>

We all like a joke at the expense of Microsoft. However anyone who takes
these jokes seriously has disqualified himself as someone who knows
something about the world of computers.


Humm ok that definately tells me how to use stdin securely, thanks


There has been lots of excellent advice in this thread about how to use
stdin securely, but it's not always easy for an advisee to know which
advisers' advise can be trusted.

If you want to know who you can trust, the only real way to find out is to
read the newsgroup for a while (at least a couple of months). After a
while, you'll find out who gives reasoned opinions, typically backed by
references to the Standard that defines the language, and who doesn't.

Also, you'll find that the real experts tend to recognise each other, and
this is apparent from their discussions. These are the people you can learn
from; trolls need not interfere with your learning too heavily.

--
Richard Heathfield : bi****@eton.powernet.co.uk
"Usenet is a strange place." - Dennis M Ritchie, 29 July 1999.
C FAQ: http://www.eskimo.com/~scs/C-faq/top.html
K&R answers, C books, etc: http://users.powernet.co.uk/eton
Nov 14 '05 #53
"Eric Boutin" <er**@nic.nac.wdyn.de> wrote in message news:<xy*********************@wagner.videotron.net >...
Hi ! I was wondering how to quickly and safely use a safe scanf( ) or gets
function... I mean.. if I do :

char a[256];
scanf("%s", a);
and the user input a 257 char string..
that creates a problem.. same for gets..


Get the Sfio library (www.research.att.com/sw/tools/sfio).
It allows you to say something like:
scanf("%I256s",a);
or more dynamically:
scanf("%I*s", sizeof(a), a);
the flag I says that the size of the array will be given next. The * means that
the size is given as an argument.

For gets() type of things, uses the sfgetr() function which does memory allocation
as necessary to get the entire string.
Nov 14 '05 #54
On Mon, 15 Dec 2003 18:24:38 -0000 Malcolm <ma*****@55bank.freeserve.co.uk> wrote:

| "The Real OS/2 Guy" <os****@pc-rosenau.de> wrote in message
|> We've seen you knows nothing about real computeing.
|>
| [ snip ]
|>
|> No, I don't use M$ software because M$ has proven itself to be
|> incompatible to anything - even to itself even in standard C.
|>
| I rest my case.

Your case needs a rest. A long rest. Come back in 2038.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
Nov 14 '05 #55
Thanks a LOT !!
I've been searching for something like this since a few days.. thanks a lot
!

-Eric
"Phong Vo" <kp*@research.att.com> a écrit dans le message de
news:76**************************@posting.google.c om...
"Eric Boutin" <er**@nic.nac.wdyn.de> wrote in message news:<xy*********************@wagner.videotron.net >...
Hi ! I was wondering how to quickly and safely use a safe scanf( ) or gets function... I mean.. if I do :

char a[256];
scanf("%s", a);
and the user input a 257 char string..
that creates a problem.. same for gets..


Get the Sfio library (www.research.att.com/sw/tools/sfio).
It allows you to say something like:
scanf("%I256s",a);
or more dynamically:
scanf("%I*s", sizeof(a), a);
the flag I says that the size of the array will be given next. The * means

that the size is given as an argument.

For gets() type of things, uses the sfgetr() function which does memory allocation as necessary to get the entire string.

Nov 14 '05 #56

On Thu, 18 Dec 2003, Eric Boutin wrote:

"Phong Vo" <kp*@research.att.com> a écrit...
"Eric Boutin" <er**@nic.nac.wdyn.de> wrote...
Hi ! I was wondering how to quickly and safely use a safe scanf( ) or
gets function...


Get the Sfio library (www.research.att.com/sw/tools/sfio).
It allows you to say something like:
scanf("%I256s",a);
Just for reiteration, it's worth pointing out that the 'I' is
not only redundant, but non-standard. [And the "256" should be
"255" to avoid one-character overflow (after removing the "I").]

or more dynamically:
scanf("%I*s", sizeof(a), a);
the flag I says that the size of the array will be given next. The * means
that the size is given as an argument.
And this is a nice extension, but your code will break in
*spectacular* fashion when run on a computer without Sfio's
library in the right place. I would feel much more comfortable
if Sfio hadn't given their scanf-alike the exact same name as
an existing library function.
For gets() type of things, uses the sfgetr() function which does
memory allocation
as necessary to get the entire string.


Probably good advice. I haven't seen the source code yet,
but it's hard to get wrong if you're not *trying*. :)

-Arthur

Nov 14 '05 #57
>> No its eccentric. Users generally won't accept command line programs unless
forced to use them. A GUI is generally far easier to use - I'm typing this
into a GUI newsreader.


Actually system administrators hate GUI's because they (sysadmins)
sometimes have to do the same thing over and over to many computers, and
what they really want is a way to script the action, while still allowing
a certain number of intelligent variables.


GUIs often have extreme problems of scale. Using a GUI newsreader as
an example, on initially setting one up, you can probably subscribe to
a newsgroup in maybe 4 mouse clicks. The problem is, can you subscribe
to 1000 newsgroups (according to some pattern, like all of the comp.*
newsgroups) in less than 4*1000 mouse clicks?

Gordon L. Burditt
Nov 14 '05 #58

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

39
by: Teh Charleh | last post by:
OK I have 2 similar programmes, why does the first one work and the second does not? Basically the problem is that the program seems to ignore the gets call if it comes after a scanf call. Please...
7
by: sajjanharudit | last post by:
Can anyone explain me what is happening in the following code: #include<stdio.h> int main() { int i,j; scanf("%d %d" + scanf("%d %d",&i,&j)); printf("%d %d\n"); }
51
by: moosdau | last post by:
my code: do { printf("please input the dividend and the divisor.\n"); if(!scanf("%d%d",&dend,&dor)) { temp1=1; fflush(stdin); } else
280
by: jacob navia | last post by:
In the discussion group comp.std.c Mr Gwyn wrote: < quote > .... gets has been declared an obsolescent feature and deprecated, as a direct result of my submitting a DR about it (which...
104
by: jayapal | last post by:
Hi all, Whenever I use the gets() function, the gnu c compiler gives a warning that it is dangerous to use gets(). why...? regards, jayapal.
19
by: subratasinha2006 | last post by:
I can not accept a string (without space) of length more than 127 whatever I do.. Entry is restricted by 127 characters. I have declared an array of size more than 200. or I have used...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.