I know that in C++ if we create two char arrays char ch1[3]; ch2[3]; and then do strcpy(ch1,"Hello"); this is wrong and if ch1 and ch2 are allocated one by the other, the memory copies part of the array into the other, what are the chances or instances this can occur?
The way I fix this is by forcing the user to enter a fixed number of characters or numbers for the array. But is there a chance that it overflows and goes without notice and results in buffer overflow or whatever it is called?
The thing is how do people go about testing various data types or inputs in a code. I want to know this because I have always been writing code but am wondering how the same code would have been written by a software professional or in an real end-user application.
Any code will require user inputs. How do we test if the proper input (data type) is provided and what is the best way to stop buffer or stack overflows??
6 1930 Ganon11 3,652
Recognized Expert Specialist
This isn't an article - it's a question, and should have been posted in the C++ / C Forum, not the Articles section. I'll move it to the proper place now.
You stop stack and buffer overflows by not allowing them top happen.
You never ask a use how many bytes will be entered. Users always lie.
You have to write code that's noit dependnent on a fixed length. For example, you ask the user for a string. You have no idea how long it will be. If you use an 80-byte array the user will enter 81-bytes and creash your code. If you allow 1000-byte array, the user will enter 1001 bytes and cracha your code.
Typically, you use a small buffer, say 20. When you call getline() with 10 characters as the buffer size, getline() returns the number of characters actually fetched. If that's 10, then there may be more input, so you write code tio append the 10 characters read to a string and call getline() again to get the next 10 characters. You repeat this as necessary until getline() returns less than 10. Then you append the final characters to your string adn you are done.
There should be nothing in your code that has hard-coded values or code that only works based on hard-coded vaues.
Thanks a lot. So how would the corresponding code be? Just to read an integer or a character array and so on? Could you give me one detailed example please...
Here's an example for a string object fetched 10 characters at a time. -
void GetString(string& theData)
-
{
-
theData.erase(); //remove any existing contents
-
const int max = 10;
-
char line[max];
-
while (cin.get(line, max))
-
{
-
-
theData += line;
-
//go back for more data
-
}
-
char x = cin.get(); //finally, eat the delim
-
-
}
-
thank you,
I am continuing on this. Trying to understand how simple various data types are read and verified for correct entries. I understood how buff overflows using get(buff,size) can be avoided. So show all data types be read like this and converted to their respective data types using strtol, strod and so on? After doing so, how do we verify if the correct value and size are entered.
In the following example, I tried to read an int followed by a char array. I enter a wrong data type say asdf it would complain and ask the reader to enter an integer instead. However, If I enter a float value, say 23.343 it would append 23 to the integer and whatever left .343 to the string and returns. I could also try to read everything into a string and then convert to an int double. What is the correct way to read and also verify these data types? -
-
int intVal;
-
int bad_input;
-
do{
-
bad_input=0;
-
cin >> intVal;
-
if(!cin)
-
{
-
cout << "Wrong input, input again" << endl;
-
bad_input=1;
-
cin.clear();
-
cin.ignore(numeric_limits<streamsize>::max(),'\n');
-
}
-
}while(bad_input);
-
cout << intVal << endl;
-
-
// Reading a string and avoiding buffer overflows
-
string str;
-
readString(str);
-
cout << str << endl;
-
where -
-
// To avoid buffer overflows, read a string as follows
-
void readString(string &tmpString)
-
{
-
tmpString.erase(); // deletes an exising string values or contents
-
const int buffLen = 10;
-
char buff[buffLen];
-
while(cin.get(buff,buffLen)) // default delimiter \n you can always change this
-
{
-
tmpString += buff;
-
}
-
char x = cin.get();// ignore the last delimiter like cin.ignore();
-
}
-
You have to understand that the cin>> will set a fail bit if the data in the input buffer does not match the type of the variable you are fetching into.
The whole point of the >> operator is to process formatted input. That is, data that is in a format you already know. If the user can type in any old data, then you don't know the format and probably shouldn't be using the >> operator.
Instead, you use cin.get() and fetch each byte into a buffer where you can decide what the heck it is. For example, a 23 might be an int but a 23. might be a double because you can check the buffer for a decimal point to determine whether to convert the contents to an int or a double.
Sign in to post your reply or Sign up for a free account.
Similar topics |
by: Ben Collingsworth |
last post by:
Anyone have some efficient source code for implementing a ring buffer?
|
by: boston01 |
last post by:
I am testing a database application. It works fine when only one user
uses the application, however, when there are concurrent users, I saw
rollbacks in event log.
Can experts in this group...
|
by: Eric Webster |
last post by:
I have a fairly simple VB.Net program I'm developing that listens to data
coming over the internet and processes it. The data comes in as events - the
app is idle until another chunk of data comes...
|
by: CJ |
last post by:
Hello:
We know that C programs are often vulnerable to buffer overflows which
overwrite the stack.
But my question is: Why does C insist on storing local variables on the
stack in the first...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
| |
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| | |