Eradicating a Buffer Overflow

Peter Nilsson
Arctic Fidelity wrote:
> ... I am under the impression, perhaps, that scanf and such
> functions have at them a group of people who are in at least
> partially strong objection to their use? If so, is there some
> history or methods or something else about these scanf tools
> with which I am not familiar that has earned them such apparent
> dislike?

The problem lies with teachers and tutors who are too eager to
teach the entire language as quickly as possible, without focussing
on details. You'll often see newbies totally unaware of the basic
problems with code like...

scanf("%s", my_string);

The problem with scanf is that it is too easy to misuse, especially
if you're just using 'default' options. Of course, that doesn't mean
it can't be used correctly. It just means that people are prone to
preferring alternative tools.

Unfortunately, writing bulletproof input routines that deal with
both good and bad input robustly (without undefined behaviour), and
which are able to continue with further input (in the absence of EOF),
is not a trivial task in C!


Reply With Quote
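Added example, not part of Peter Nilsson's post: one way to write the kind of input routine he describes, which copes with an over-long line without overflowing and can carry on with the next line. The names `read_line` and `enum line_status` and the buffer sizes are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Note: scanf("%15s", w) bounds the write for char w[16], but it leaves
 * the rest of an over-long line unread; read_line() below deals with it. */
enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF };

/* Read one line into buf (n >= 2 bytes), dropping the trailing newline.
 * An over-long line is cut to n-1 characters and the rest of it is
 * discarded, so the next call starts on the next line. */
enum line_status read_line(FILE *in, char *buf, size_t n)
{
    size_t len;
    int c, dropped = 0;

    if (fgets(buf, (int)n, in) == NULL)
        return LINE_EOF;            /* EOF or read error: buf not usable */

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';        /* the whole line fitted */
        return LINE_OK;
    }
    /* No newline stored: the line was too long, or it is an unterminated
     * last line. Drain up to the next newline or EOF. */
    while ((c = getc(in)) != EOF && c != '\n')
        dropped++;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

int main(void)
{
    char line[32];
    enum line_status st;

    /* Echo each line of stdin with its status. */
    while ((st = read_line(stdin, line, sizeof line)) != LINE_EOF)
        printf("%s: \"%s\"\n", st == LINE_OK ? "ok" : "truncated", line);
    return 0;
}
```
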
Richard Bos
"Arctic Fidelity" <(E-Mail Removed)> wrote:

> On Tue, 25 Oct 2005 08:43:33 -0400, SM Ryan
> <(E-Mail Removed)> wrote:
> > Then again I'm not the one who felt the need to ask others if a scanf
> > format was safe.

> In some regards, I feel almost as though having asked this question has
> earned me even the slightest bit of disdain from some particular readers
> of this group.

Some particular readers, undoubtedly. But you might read the group for a
bit longer before deciding how much to worry about Mr. SM "Could not
quote properly for his life" Ryan's opinion of yourself. As for me, I
feel no disdain for you.

Reply With Quote
"Arctic Fidelity" <(E-Mail Removed)> wrote in message
news(E-Mail Removed) et...
> On Mon, 24 Oct 2005 18:35:20 -0400, SM Ryan
> <(E-Mail Removed)> wrote:
> > Do you realize you aren't required to use *scanf? If the tools are
> > too difficult to use, get better tools.

> I suppose I should say that I am unsure of what other tools in the
> Standard C Library allow me to extract, in one function call, all the
> information from a string that I need, in such a straightforward

So write a function of your own. Duh.

> If there is, I'd love to hear it. I personally came across a
> usage of sscanf in documentation, and found that it was much faster
> compared to my original idea of single character stepping through the
> string.

Faster is so 1960's. You can't tell what is "faster" by looking at code.
Are you writing code for a microwave oven? If your code is for a modern
CPU then a good compiler will probably modify your code into something
fast. If you detect a slowdown, or want to, then run a profiler. No one
(except Gods - who may post here from time to time) can predict a
speedup - things you do to speed up your code may prevent the compiler
from speeding up your code. Just write code that solves the problem.


Reply With Quote
Dave Thompson
On Mon, 24 Oct 2005 10:09:52 -0400, "Arctic Fidelity"
<(E-Mail Removed)> wrote:

> sscanf(argv[1],
> "%.3s, %d %.3s %4d %.8s %s",

<snip: various args ending with junk which is char[10]>

Those should be %3s etc. "Dot" numbers in *scanf are nonstandard. (Cf.
*printf where %Ns pads to minimum and %.Ns truncates to maximum.)

> As you can guess, this is designed to take a specifically formatted date
> string and read it into variables. However, in the date format I am
> processing (mbox/overview file type dates), there is an extra bit after
> the time that could be an arbitrary length. Generally, it's not bigger
> than 10, which is why I initially used that value, but it did not click in
> my head before that this would cause a problem. Then, while I was thinking
> about it today, I realized that you could put in more than 10 characters
> after the time section of the string, and overflow the program. My
> question is, what is the proper way of handling this? How can I remedy it?

As already answered, the real answer is %*s or nothing, but one nit:

> I could change %s to %.9s or something of that nature, but that would be
> ugly, because I would end up with a bunch of whitespace and padding at the
> beginning or the end. <snip>

*scanf %s, with or without a length limit, will always skip leading
whitespace and stop at following whitespace, so even if the supplied
string (which you said later isn't really an argv[] string) contains
padding this particular format wouldn't put it in the variable.

- David.Thompson1 at
Reply With Quote
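Added example, not code from the thread: the call as Dave Thompson corrects it, with `%3s`-style widths, `%*s` to discard the trailing part, and a check of the `sscanf` return value. The names `struct mbox_date` and `parse_mbox_date`, the `%2d` width on the day, and the sample string are assumptions made here.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical holder for the fields; each array is width + 1 for the NUL. */
struct mbox_date {
    char wday[4];   /* "Mon" */
    int  mday;
    char mon[4];    /* "Oct" */
    int  year;
    char time[9];   /* "10:09:52" */
};

/* Returns 0 on success, -1 if the string does not match the layout. */
int parse_mbox_date(const char *s, struct mbox_date *out)
{
    struct mbox_date d;
    /* %3s / %8s cap the bytes stored (the nonstandard "%.3s" does not).
     * %*s reads the arbitrary-length trailing text and stores nothing,
     * so no buffer is needed for it and it is not counted in the result. */
    int n = sscanf(s, "%3s, %2d %3s %4d %8s %*s",
                   d.wday, &d.mday, d.mon, &d.year, d.time);
    if (n != 5)
        return -1;  /* a field was missing or a literal did not match */
    *out = d;
    return 0;
}

int main(void)
{
    /* Constructed sample in the layout discussed in the thread. */
    const char *sample =
        "Mon, 24 Oct 2005 10:09:52 -0400 (extra text of any length)";
    struct mbox_date d;

    if (parse_mbox_date(sample, &d) != 0) {
        fputs("bad date\n", stderr);
        return 1;
    }
    printf("%s %d %s %d %s\n", d.wday, d.mday, d.mon, d.year, d.time);
    return 0;
}
```

A day name longer than three letters is rejected rather than truncated silently, because the literal `,` in the format no longer matches after `%3s` stops.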
