By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,727 Members | 766 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,727 IT Pros & Developers. It's quick & easy.

What are stack or buffer overflows, how to test or fix them from occurring

P: 25
I know that in C++ if we create two char arrays char ch1[3]; ch2[3]; and then do strcpy(ch1,"Hello"); this is wrong and if ch1 and ch2 are allocated one by the other, the memory copies part of the array into the other, what are the chances or instances this can occur?

The way I fix this is by forcing the user to enter a fixed number of characters or numbers for the array. But is there a chance that it overflows and goes without notice and results in buffer overflow or whatever it is called?

The thing is how do people go about testing various data types or inputs in a code. I want to know this because I have always been writing code but am wondering how the same code would have been written by a software professional or in an real end-user application.

Any code will require user inputs. How do we test if the proper input (data type) is provided and what is the best way to stop buffer or stack overflows??
Oct 10 '07 #1
Share this Question
Share on Google+
6 Replies


Ganon11
Expert 2.5K+
P: 3,652
This isn't an article - it's a question, and should have been posted in the C++ / C Forum, not the Articles section. I'll move it to the proper place now.
Oct 10 '07 #2

weaknessforcats
Expert Mod 5K+
P: 9,197
You stop stack and buffer overflows by not allowing them top happen.

You never ask a use how many bytes will be entered. Users always lie.

You have to write code that's noit dependnent on a fixed length. For example, you ask the user for a string. You have no idea how long it will be. If you use an 80-byte array the user will enter 81-bytes and creash your code. If you allow 1000-byte array, the user will enter 1001 bytes and cracha your code.

Typically, you use a small buffer, say 20. When you call getline() with 10 characters as the buffer size, getline() returns the number of characters actually fetched. If that's 10, then there may be more input, so you write code tio append the 10 characters read to a string and call getline() again to get the next 10 characters. You repeat this as necessary until getline() returns less than 10. Then you append the final characters to your string adn you are done.

There should be nothing in your code that has hard-coded values or code that only works based on hard-coded vaues.
Oct 10 '07 #3

P: 25
Thanks a lot. So how would the corresponding code be? Just to read an integer or a character array and so on? Could you give me one detailed example please...
Oct 11 '07 #4

weaknessforcats
Expert Mod 5K+
P: 9,197
Here's an example for a string object fetched 10 characters at a time.

Expand|Select|Wrap|Line Numbers
  1. void GetString(string& theData)
  2. {
  3.   theData.erase();  //remove any existing contents
  4.   const int max = 10;
  5.   char line[max];
  6.   while (cin.get(line, max))
  7.   {
  8.  
  9.     theData += line;
  10.     //go back for more data
  11.   }
  12.   char x = cin.get(); //finally, eat the delim
  13.  
  14. }
  15.  
Oct 11 '07 #5

P: 25
thank you,

I am continuing on this. Trying to understand how simple various data types are read and verified for correct entries. I understood how buff overflows using get(buff,size) can be avoided. So show all data types be read like this and converted to their respective data types using strtol, strod and so on? After doing so, how do we verify if the correct value and size are entered.

In the following example, I tried to read an int followed by a char array. I enter a wrong data type say asdf it would complain and ask the reader to enter an integer instead. However, If I enter a float value, say 23.343 it would append 23 to the integer and whatever left .343 to the string and returns. I could also try to read everything into a string and then convert to an int double. What is the correct way to read and also verify these data types?

Expand|Select|Wrap|Line Numbers
  1.  
  2. int intVal;
  3.     int bad_input;
  4.     do{
  5.         bad_input=0;
  6.         cin >> intVal;
  7.         if(!cin)
  8.         {
  9.           cout << "Wrong input, input again" << endl;
  10.           bad_input=1;
  11.           cin.clear();
  12.           cin.ignore(numeric_limits<streamsize>::max(),'\n');
  13.         }
  14.     }while(bad_input);
  15.     cout << intVal << endl;
  16.  
  17.     // Reading a string and avoiding buffer overflows
  18.     string str;
  19.     readString(str);
  20.     cout << str << endl;
  21.  
where

Expand|Select|Wrap|Line Numbers
  1.  
  2. // To avoid buffer overflows, read a string as follows
  3. void readString(string &tmpString)
  4. {
  5.      tmpString.erase(); // deletes an exising string values or contents
  6.      const int buffLen = 10;
  7.      char buff[buffLen];
  8.      while(cin.get(buff,buffLen)) // default delimiter \n you can always change this
  9.      {
  10.         tmpString += buff;
  11.      }
  12.      char x = cin.get();// ignore the last delimiter like cin.ignore();
  13. }
  14.  
Oct 11 '07 #6

weaknessforcats
Expert Mod 5K+
P: 9,197
You have to understand that the cin>> will set a fail bit if the data in the input buffer does not match the type of the variable you are fetching into.

The whole point of the >> operator is to process formatted input. That is, data that is in a format you already know. If the user can type in any old data, then you don't know the format and probably shouldn't be using the >> operator.

Instead, you use cin.get() and fetch each byte into a buffer where you can decide what the heck it is. For example, a 23 might be an int but a 23. might be a double because you can check the buffer for a decimal point to determine whether to convert the contents to an int or a double.
Oct 12 '07 #7

Post your reply

Sign in to post your reply or Sign up for a free account.