Message-ID: <49373FE4.3080405@byu.net>
Date: Wed, 03 Dec 2008 19:26:44 -0700
From: Eric Blake <ebb9@byu.net>
To: cygwin@cygwin.com, mring111@yahoo.com
Subject: Re: Using -mno-cygwin causes different program behavior
References: <20825507.post@talk.nabble.com>
In-Reply-To: <20825507.post@talk.nabble.com>

According to C-Programmer on 12/3/2008 6:29 PM:
>   char name[25];
>   gets( name );

PS. This is a _disaster_ waiting to happen.  You just coded a buffer
overflow exploit, where someone can supply a name with more than 25 bytes,
and in so doing, overwrite the stack return pointer to jump into arbitrary
code and thus execute whatever they want using your program as the
gateway.  PLEASE don't write code this evil in real life.  Use getline(),
fgets(), fread(), properly-written fscanf(), or the like, but NEVER gets().

--
Don't work too hard, make some time for fun as well!

Eric Blake             ebb9@byu.net
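
One way to replace the quoted `gets( name )` call with a bounded read, as an added example that is not part of the original message. The names `read_line_bounded` and `read_name_from` are hypothetical, and `read_name_from` exists only to feed constructed input through a temporary file.

```c
#include <stdio.h>
#include <string.h>

enum { NAME_SIZE = 25 };   /* same buffer size as the quoted code */

/* Read one line into buf (capacity `size`, including the NUL terminator).
 * Returns 0 on success, 1 if the line was too long (buf keeps the first
 * size-1 bytes and the rest of the line is discarded), -1 on EOF/error. */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {            /* the whole line fit */
        buf[len] = '\0';
        return 0;
    }
    /* No newline stored: the line was longer than the buffer, or input
     * ended without one. Drain so the next read starts on a fresh line. */
    int c, truncated = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        truncated = 1;
    return truncated;
}

/* Helper for trying constructed input: write it to a temp file, read back. */
int read_name_from(const char *input, char *name)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(input, f);
    rewind(f);
    int rc = read_line_bounded(f, name, NAME_SIZE);
    fclose(f);
    return rc;
}

int main(void)
{
    char name[NAME_SIZE];
    int rc = read_line_bounded(stdin, name, sizeof name);
    if (rc < 0)
        return 1;
    if (rc == 1)
        fprintf(stderr, "name too long, truncated to %d bytes\n", NAME_SIZE - 1);
    printf("Hello, %s\n", name);
    return 0;
}
```

Unlike `gets()`, the read never writes past `name`, and an overlong line is reported to the caller instead of silently spilling into the next read.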


