473,320 Members | 1,857 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

What could normally causes the string to have no null terminated


Given that the string is of null terminated type. What could be the
possible causes (by experience) the string to have no null terminated
and cause buffer overflow later. I know it is quite broad, just like to
find out the causes as much as possible so that I could impose stricter
checking toward my codes.

note: I could not use std::string cause it will require a total
rewrite.

thanks.

Dec 4 '06 #1
12 1937

semut a écrit :
Given that the string is of null terminated type. What could be the
possible causes (by experience) the string to have no null terminated
and cause buffer overflow later. I know it is quite broad, just like to
find out the causes as much as possible so that I could impose stricter
checking toward my codes.

note: I could not use std::string cause it will require a total
rewrite.

thanks.
I can only think about the string construction, but without more
information about how you construct it, I'm not sure I will be able to
help more. Remember that you are supposed to add this nul (not null
BTW) character by yourself, or to use functions that automagically add
it when recopying the input buffer(s) (if it is present). snprintf,
strncpy, strncat and other related functions might NOT copy the end of
the string (including the nul char) if the n parameter is too small.

Also remember that using std::string might need you to rewrite
everything, but will also save your time when you hit such kind of
nasty bugs. All in all , it still might be a win in the end :)

Regards,

-- Emmanuel Deloget, Artware

Dec 4 '06 #2
"semut" <an*****@gmail.comwrites:
Given that the string is of null terminated type. What could be the
possible causes (by experience) the string to have no null terminated
and cause buffer overflow later. I know it is quite broad, just like to
find out the causes as much as possible so that I could impose stricter
checking toward my codes.
I guess that question would be better asked at comp.lang.c as people
there are used to such strings whereas (as I presume) at comp.lang.c++
people prefer std::string.

As to your question probably using gets(), strcpy(), sprintf() instead
of fgets(), strncpy(), snprintf() etc. Also pay attention to
strncpy() as it does not in all case write the null terminator.

--
Best regards, _ _
.o. | Liege of Serenly Enlightened Majesty of o' \,=./ `o
..o | Computer Science, Michal "mina86" Nazarewicz (o o)
ooo +--<mina86*tlen.pl>---<jid:mina86*chrome.pl>--ooO--(_)--Ooo--
Dec 4 '06 #3
On Dec 4, 2:27 pm, "semut" <ant....@gmail.comwrote:
Given that the string is of null terminated type. What could be the
possible causes (by experience) the string to have no null terminated
and cause buffer overflow later. I know it is quite broad, just like to
find out the causes as much as possible so that I could impose stricter
checking toward my codes.
Just one of many examples:
If you create a buffer (char*) of some size and use some function that
places text in this buffer, but you forget to take into account the \0
when specifying the size of the buffer in the function call. This will
cause the function to put the \0 outside the buffer (so far maybe no
real harm done). The for some reason the \0 outside the buffer changes
(that memory-space was used by a variable which you just assigned a
value to. Now you don't have a \0 at the end of the string and that
will give you lots of hours trying to figure out what went wrong.

--
Erik Wikström

Dec 4 '06 #4

semut napsal:
Given that the string is of null terminated type. What could be the
possible causes (by experience) the string to have no null terminated
and cause buffer overflow later. I know it is quite broad, just like to
find out the causes as much as possible so that I could impose stricter
checking toward my codes.

note: I could not use std::string cause it will require a total
rewrite.

thanks.
In general, every function which gets parameter of type char* is able
to destroy the given string. You should pass parameters to all
functions, which cannot change it as const char*. Of course, you can
still make some ugly typecasts from const value to non-const value, but
such cases should be omitted.

But as was said above, I would rewrite it to use std::string.

Dec 4 '06 #5
Geo

semut wrote:
Given that the string is of null terminated type. What could be the
possible causes (by experience) the string to have no null terminated
and cause buffer overflow later. I know it is quite broad, just like
to
find out the causes as much as possible so that I could impose stricter
checking toward my codes.
Mostly caused by buffer size problems.

Some guidlines to reduce the possibility, don't use
sprintf
memcpy
strcat
scanf
gets
strftime

take care when using
fgets (make sure size is < buffer length)
strcpy

I'm sure there's loads more potentially problem functions

note: I could not use std::string cause it will require a total
rewrite.
You pays your money, you takes your choice.... in the long run it's
probably easier to re-write.
thanks.
Dec 4 '06 #6
Remember that you are supposed to add this nul (not null BTW)
In the C++ language, it's NULL, not nul. (Or even null... C++ is
case-sensitive.) The only place I've seen NUL (not nul) is in the
specifications of the ASCII character set. I see null used often in plain
text, especially when talking about "null-terminated strings". Personally,
I prefer to say "NULL-terminated", since that's C++-specific, and every C++
programmer knows I mean that there's a 0 at the end. But "nul"? I've never
seen that anywhere that I can recall.

-Howard

Dec 4 '06 #7
Geo

Howard wrote:
Remember that you are supposed to add this nul (not null BTW)

But "nul"? I've never
seen that anywhere that I can recall.
Pascal and Ada I think.
>
-Howard
Dec 4 '06 #8
"Howard" <al*****@hotmail.comwrote in
news:TH********************@bgtnsc05-news.ops.worldnet.att.net:
>
>Remember that you are supposed to add this nul (not null BTW)

In the C++ language, it's NULL, not nul. (Or even null... C++ is
case-sensitive.) The only place I've seen NUL (not nul) is in the
specifications of the ASCII character set. I see null used often in
plain text, especially when talking about "null-terminated strings".
Personally, I prefer to say "NULL-terminated", since that's
C++-specific, and every C++ programmer knows I mean that there's a 0
at the end. But "nul"? I've never seen that anywhere that I can
recall.
To me... NULL says pointer. nul says '\0'. So if you typed to me "NULL-
terminated string", I'd first be temporarily confused as to why you're
trying to put a pointer into a std::string, realize you're talking about a
C-style string, and then wonder the same thing (why are you trying to stick
a pointer into a char).

Dec 4 '06 #9

"Andre Kostur" <nn******@kostur.netwrote in message
news:Xn*******************************@209.135.99. 21...
"Howard" <al*****@hotmail.comwrote in
news:TH********************@bgtnsc05-news.ops.worldnet.att.net:
>>
>>Remember that you are supposed to add this nul (not null BTW)

In the C++ language, it's NULL, not nul. (Or even null... C++ is
case-sensitive.) The only place I've seen NUL (not nul) is in the
specifications of the ASCII character set. I see null used often in
plain text, especially when talking about "null-terminated strings".
Personally, I prefer to say "NULL-terminated", since that's
C++-specific, and every C++ programmer knows I mean that there's a 0
at the end. But "nul"? I've never seen that anywhere that I can
recall.

To me... NULL says pointer. nul says '\0'. So if you typed to me "NULL-
terminated string", I'd first be temporarily confused as to why you're
trying to put a pointer into a std::string, realize you're talking about a
C-style string, and then wonder the same thing (why are you trying to
stick
a pointer into a char).
Perhaps 0-terminated (or zero-terminated) would be more appropriate?

I've also seen "nil" (which is what Pascal uses), but not "nul". But that's
for pointers only. (Pascal uses length-encoded strings, not null-terminated
ones.)

In any case, there's no "nul" mentioned in the C++ standard. It's not even
in wikipedia (whereas "null" is). If you look up "nul" in Yahoo's online
dictionary, it takes you to "null". And Webster's refers you to "null".

-Howard

Dec 4 '06 #10

Geo wrote:
semut wrote:
Given that the string is of null terminated type. What could be the
possible causes (by experience) the string to have no null terminated
and cause buffer overflow later. I know it is quite broad, just like
to
find out the causes as much as possible so that I could impose stricter
checking toward my codes.

Mostly caused by buffer size problems.

Some guidlines to reduce the possibility, don't use
sprintf
memcpy
strcat
scanf
gets
strftime

take care when using
fgets (make sure size is < buffer length)
strcpy

I'm sure there's loads more potentially problem functions

note: I could not use std::string cause it will require a total
rewrite.

You pays your money, you takes your choice.... in the long run it's
probably easier to re-write.
thanks.
thanks everyone for the enlightenment.

Dec 5 '06 #11

Howard a écrit :
"Andre Kostur" <nn******@kostur.netwrote in message
news:Xn*******************************@209.135.99. 21...
"Howard" <al*****@hotmail.comwrote in
news:TH********************@bgtnsc05-news.ops.worldnet.att.net:
>
Remember that you are supposed to add this nul (not null BTW)

In the C++ language, it's NULL, not nul. (Or even null... C++ is
case-sensitive.) The only place I've seen NUL (not nul) is in the
specifications of the ASCII character set. I see null used often in
plain text, especially when talking about "null-terminated strings".
Personally, I prefer to say "NULL-terminated", since that's
C++-specific, and every C++ programmer knows I mean that there's a 0
at the end. But "nul"? I've never seen that anywhere that I can
recall.
To me... NULL says pointer. nul says '\0'. So if you typed to me "NULL-
terminated string", I'd first be temporarily confused as to why you're
trying to put a pointer into a std::string, realize you're talking about a
C-style string, and then wonder the same thing (why are you trying to
stick
a pointer into a char).

Perhaps 0-terminated (or zero-terminated) would be more appropriate?

I've also seen "nil" (which is what Pascal uses), but not "nul". But that's
for pointers only. (Pascal uses length-encoded strings, not null-terminated
ones.)

In any case, there's no "nul" mentioned in the C++ standard. It's not even
in wikipedia (whereas "null" is). If you look up "nul" in Yahoo's online
dictionary, it takes you to "null". And Webster's refers you to "null".

-Howard
Apologies. The name of the character, as per the ASCII table
definition, is NUL, but it should be refered either as the NUL
character or the null character (but not the nul character).

On the other end, neither the C standard nor the C++ one relie on the
ASCII table to express characters (both refers to "basic character
sets", which contains a null character which is defined to have all
bits sets to 0).

While the definition are in the end quite similar, I think that the C++
avoided direct reference to the ASCII table by choice (so that C++ is
not tied to this charset) and thus it can't use the name NUL character
to describe '\0'.

As a consequence, I was wrong when I spoke about a nul character, from
two point of view : first, it's not the C and C++ standard terminology,
and second, it doesn't even exist (but NUL does).

Sorry for the inconvenience.

-- Emmanuel Deloget, Artware

Dec 6 '06 #12
On Dec 6, 12:33 pm, "Emmanuel Deloget" <log...@free.frwrote:
On the other end, neither the C standard nor the C++ one relie on the
ASCII table to express characters (both refers to "basic character
sets", which contains a null character which is defined to have all
bits sets to 0).

While the definition are in the end quite similar, I think that the C++
avoided direct reference to the ASCII table by choice (so that C++ is
not tied to this charset) and thus it can't use the name NUL character
to describe '\0'.

As a consequence, I was wrong when I spoke about a nul character, from
two point of view : first, it's not the C and C++ standard terminology,
and second, it doesn't even exist (but NUL does).
In the latest Working Draft (don't know of the current standard) there
are two mentions of ASCII, both in footnotes. The first of those might
be relevant here:
"The glyphs for the members of the basic source character set are
intended to identify characters from the subset of ISO/IEC 10646 which
corresponds to the ASCII character set. However, because the mapping
from source file characters to the source character set (described in
translation phase 1) is specified as implementation-defined, an
implementation is required to document how the basic source characters
are represented in source files."

--
Erik Wikström

Dec 6 '06 #13

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
by: kaymes | last post by:
Is there a string class available that is able to handle binary data that may contain #0? It should be similar to std::string, but not rely on null terminated data. Konstantin PS: Sorry, if...
18
by: Metro12 | last post by:
In the <basic_string.h>, I find the implementation of these two functions. But I can't understand the difference between them. Please give me some help! //basic_string::c_str() const _CharT*...
16
by: Alfonso Morra | last post by:
Hi, I am at the end of my tether now - after spending several days trying to figure how to do this. I have finally written a simple "proof of concept" program to test serializing a structure...
14
by: Kayle | last post by:
How should we check if the '\0' characters exists in the string as I am confused that some books mentioned that we have to check whether we need to make sure that we pass the...
3
by: Alfonso Morra | last post by:
Hi, I am at the end of my tether now - after spending several days trying to figure how to do this. I have finally written a simple "proof of concept" program to test serializing a structure...
3
by: ferg | last post by:
I have a Customer table. The table has two different CHECK constraints. Then there is the Customer details dialog, which provides the user with an UI for changing users. I have some UPDATE sql,...
7
by: semut | last post by:
Given that the string is of null-terminated type. What could be the possible causes (by experience) the string to have no null character (\0) and cause buffer overflow later. I know it is quite...
3
by: jacob navia | last post by:
Abstract: Continuing the discussion about abstract data types, in this discussion group, a string collection data type is presented, patterned after the collection in C# and similar languages...
9
by: qglyirnyfgfo | last post by:
I was reading an article regarding .Net arrays and on that article, the author mentioned something about SZ arrays. As far as I can tell, SZ arrays are one dimension arrays that are zero based,...
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.