preventing following stdout getting into the stdin-stream

Hello,

Some time ago I tried to find a solution for preventing buffer overflows
in stdin. I thought getc was the solution but today I came to a problem.
I wanted to use my cognitions for a prompt but I recognized that the
following stdout of my program is used as stdin for the stream. So I
couldn't enter text, because the text was already read in (due to this
following stdout).
I thought about stopping the program-flow before stdin reads the whole
following stdout, so I set just a scanf before, and it works without
problems.

int c, i = 0;
char publisher[21];

printf("Enter the publisher (max. 20): ");
scanf("%c", &c);
while ( ( (c = getchar()) != '\n') && (i < 20) ) {
    publisher[i++] = c;
    publisher[i] = '\0';
}

Although my solution seems to work perfectly, I'm still a little bit
anxious about scanf, because I'm not exactly sure what's happening
between scanf and the line after.
Actually every entry by the user is a buffer overflow, but it's fielded
due to the next line. Did I understand that right? Could there appear
any non-predictable errors or is this safe?

Thanks,
Markus
Feb 19 '06 #1

Markus Pitha wrote:
> Hello,
>
> Some time ago I tried to find a solution for preventing buffer overflows
> in stdin. I thought getc was the solution but today I came to a problem.
> I wanted to use my cognitions for a prompt but I recognized that the
> following stdout of my program is used as stdin for the stream. So I
> couldn't enter text, because the text was already read in (due to this
> following stdout).
> I thought about stopping the program-flow before stdin reads the whole
> following stdout, so I set just a scanf before, and it works without
> problems.

May not be what you expected.

> int c, i = 0;
> char publisher[21];
>
> printf("Enter the publisher (max. 20): ");
> scanf("%c", &c);

When I compiled it with GCC, there was a warning:
warning: format '%c' expects type 'char *', but argument 2 has
type 'int *'.

> while ( ( (c = getchar()) != '\n') && (i < 20) ) {
>     publisher[i++] = c;
>     publisher[i] = '\0';
> }
>
> Although my solution seems to work perfectly, I'm still a little bit
> anxious about scanf, because I'm not exactly sure what's happening
> between scanf and the line after.

I think it doesn't seem to work. You may miss the first character
because "scanf()" eats it.
IMHO, it may work to replace "scanf()" with "fflush(stdout)".

> Actually every entry by the user is a buffer overflow, but it's fielded
> due to the next line. Did I understand that right? Could there appear
> any non-predictable errors or is this safe?
>
> Thanks,
> Markus

Feb 20 '06 #2
Hello,

kernelxu wrote:
> May not be what you expected.

Obviously, you are right.

> I think it doesn't seem to work. You may miss the first character
> because "scanf()" eats it.
> IMHO, it may work to replace "scanf()" with "fflush(stdout)".

Yes, that's the problem. I didn't recognize it first, but I'll try
fflush. Maybe you are right.
Markus.
Feb 20 '06 #3
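
A bounded prompt-and-read routine for the publisher[21] case discussed in this thread, as an added example that is not any poster's code: it flushes the prompt with fflush(stdout) as suggested in #2, keeps c as an int so EOF is representable, terminates the buffer even for an empty line, and discards excess input up to the newline so it cannot spill into the next read. The names read_line and prompt_line are hypothetical.

```c
#include <stdio.h>

/* Read one line from `in` into buf (capacity `size`, including the NUL).
 * Characters that do not fit are read and discarded, so they cannot leak
 * into the next prompt. Returns the number of characters stored, or -1
 * if EOF or a read error occurred before any character was read.
 * *truncated is set to 1 when input had to be discarded. */
static int read_line(FILE *in, char *buf, size_t size, int *truncated)
{
    size_t i = 0;
    int c;                      /* int, not char: must be able to hold EOF */

    if (size == 0)
        return -1;
    *truncated = 0;
    buf[0] = '\0';              /* valid string even for an empty line */
    while ((c = getc(in)) != EOF && c != '\n') {
        if (i < size - 1)
            buf[i++] = (char)c;
        else
            *truncated = 1;     /* keep draining up to the newline */
    }
    buf[i] = '\0';
    if (c == EOF && i == 0 && !*truncated)
        return -1;
    return (int)i;
}

/* Print the prompt and flush it so it is visible before the read blocks. */
static int prompt_line(const char *msg, FILE *in, char *buf, size_t size,
                       int *truncated)
{
    fputs(msg, stdout);
    fflush(stdout);
    return read_line(in, buf, size, truncated);
}

int main(void)
{
    char publisher[21];
    int cut;

    if (prompt_line("Enter the publisher (max. 20): ", stdin,
                    publisher, sizeof publisher, &cut) < 0)
        return 1;
    printf("publisher = \"%s\"%s\n", publisher, cut ? " (truncated)" : "");
    return 0;
}
```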
