hi al,pls help for the following code snippet
main()
{
typedef char abc[20];
abc a;
abc b;
strcpy(a,"HI");
printf("Enter string");
scanf("%s",b);
if(strcmp(a,b)==0)
{ printf("\nSUCCESS");
}
else
{
printf("\nFAILURE");
}
}
is anything wrong in the strmp stmt.,when i run my code for deepcheck,it says"Index from user input, so potential overflow/underflow on variable '(const char *)&b' in the function call 'strcmp' ".
5  4492 
I dont think so that there is a issue with your code.
Raghu
 Banfa 9,065
Expert Mod 8TB
is anything wrong in the strmp stmt.,when i run my code for deepcheck,it says"Index from user input, so potential overflow/underflow on variable '(const char *)&b' in the function call 'strcmp' ".
You code is syntactically correct and should compile.
However deepcheck goes further than just simple syntax checking (I assume it is a static analysis tool). Your variable b is an array of 20 characters. However you are passing a pointer to that array to scanf for string input. Whether the buffer overflows or not is then dependent on how much data the user inputs, <20 characters and you are fine >= 20 characters and you have a buffer overflow which is undefined behaviour.
This is a rather classic example of the poor programming that has lead to security vulnerabilities and an example of program validity being defined at run time not compile time. That is this flaw in using scanf has been the cause of many security vulnerabilities over the years and the behaviour of the program is either good or undefined depending on what the user does.
Instead of using scanf you could use fgets which allows you to pass the buffer size to the function reading the keyboard and prevents buffer overruns.
You code is syntactically correct and should compile.
However deepcheck goes further than just simple syntax checking (I assume it is a static analysis tool). Your variable b is an array of 20 characters. However you are passing a pointer to that array to scanf for string input.
What surprises me is that that tool is whining about strcmp instead of scanf.
kind regards,
Jos
Sign in to post your reply or Sign up for a free account.
Similar topics
by: muser |
last post by:
The following error appears: 'strcmp' : cannot convert parameter 1
from 'char' to 'const char *'. I've already tried using single
quotations. the header file
only contains the struct contents....
|
by: jl_post |
last post by:
Hi,
I recently wrote two benchmark programs that compared if two strings
were equal: one was a C program that used C char arrays with strcmp(),
and the other was a C++ program that used...
|
by: Robert Mens |
last post by:
Hi,
I've got this problem with this project i am working on, i am
a bit new to c so i don't know why this happens.
string is read from a telnet socket.
Here's the piece of code that...
|
by: Eirik |
last post by:
Shouldn't this code work? If not, why shouldn't it?
#include <stdio.h>
int main(void)
{
char yesno;
char *yes = "yes";
|
by: Steven |
last post by:
Hello,
I have a question about strcmp(). I have four words, who need to be
compared if it were two strings. I tried adding the comparison values
like '(strcmp(w1, w2) + strcmp(w3, w4))', where...
|
by: Sameer |
last post by:
Hi friends,
I am beginner in C++. I am using g++ compiler. below is my code
which gives error as " invlid conversion from 'char' to 'const char*'
..Plz help me with this.
#include <iostream.h>...
|
by: noobcprogrammer |
last post by:
#include "IndexADT.h"
int IndexInit(IndexADT* word)
{
word->head = NULL;
word->wordCount = 0;
return 1;
}
int IndexCreate(IndexADT* wordList,char* argv)
|
by: fishpond |
last post by:
One way I've seen strcmp(char *s1, char *s2) implemented is: return
immediately if s1==s2 (equality of pointers); otherwise do the usual
thing of searching through the memory at s1 and s2.
Of...
|
by: mosullivan |
last post by:
I had to write a program that would accept 7 strings through scanf, list the strings, alphabetize, and relist. I was supposed to use strcmp to assist with the sort and write it so that it can sort...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |
