From: Damian Yerrick
Newsgroups: comp.os.msdos.djgpp
Subject: Re: reading text files
Organization: Pin Eight Software http://pineight.8m.com/
Date: Fri, 05 May 2000 19:22:02 GMT
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Reply-To: djgpp AT delorie DOT com

On Wed, 3 May 2000 11:58:23 +0300 (IDT), Eli Zaretskii wrote:
>On Tue, 2 May 2000, Damian Yerrick wrote:
>
>> scanf() and fscanf() introduce buffer overflow errors.
>
>They do?  Could you show an example?
This bash session transcript should tell all:

bash-2.03$ cat buffovf.c
#include <stdio.h>

int main(void)
{
  char foo[16];
  FILE *fp = fopen("foo.txt", "rb");

  if(!fp)
  {
    puts("couldn't open foo.txt for writing.\n"
         "It should contain one line with one very long word.");
    return 1;
  }

  fscanf(fp, "%s", foo);
  printf("read word: %s\n", foo);
  return 0;
}
bash-2.03$ cat foo.txt
supercalifragilisticexpialidocious
bash-2.03$ ./a
read word: supercalifragilisticexpialidocious
Exiting due to signal SIGSEGV
General Protection Fault at eip=0000165f
eax=00000000 ebx=000084ca ecx=00000000 edx=00000035 esi=00000054 edi=000102f4
ebp=63697473 esp=000902d4 program=C:\PERSONAL\DEVELOP\A.EXE
cs: sel=00f7  base=84ca8000  limit=0009ffff
ds: sel=00ff  base=84ca8000  limit=0009ffff
es: sel=00ff  base=84ca8000  limit=0009ffff
fs: sel=00d7  base=0000db10  limit=0000ffff
gs: sel=010f  base=00000000  limit=0010ffff
ss: sel=00ff  base=84ca8000  limit=0009ffff
App stack: [000902f4..000102f4]  Exceptn stack: [000101d8..0000e298]

Call frame traceback EIPs:
  0x0000165f   _main+115
bash-2.03$ symify a.exe
bash-2.03$ _

>Perhaps you were thinking about `gets' (as opposed to `fgets')?

*scanf() (except sscanf()) have the same problem as gets():
The program does not know how long an incoming string is.
(sscanf() knows that no incoming string will be longer than
the input string.)  Adding a "width" in the format specifier
might fix this problem.

-- 
Damian Yerrick
"I refuse to listen to those who refuse to listen to reason."
See the whole sig: http://www.rose-hulman.edu/~yerricde/sig.html

This is McAfee VirusScan. Add these two lines to your signature to
prevent the spread of signature viruses. http://www.mcafee.com/
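
The "width" remedy mentioned at the end of the message, as an added example that is not part of the original post: the field width is derived from the buffer size, and an over-long word is reported as truncated instead of being written past the end of the array. The names read_word, first_word and WORD_MAX are hypothetical, and the input is constructed and written to a temporary file so the block runs without foo.txt.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define WORD_MAX 15              /* characters stored, excluding the NUL */
#define STR2(x) #x
#define STR(x) STR2(x)           /* turns WORD_MAX into the literal "15" */

/* Read one whitespace-delimited word into buf (WORD_MAX + 1 bytes).
   Returns 1 if the whole word fit, 0 if it was truncated (the rest of
   the word is discarded), -1 on end of file or read error. */
int read_word(FILE *fp, char buf[WORD_MAX + 1])
{
    int c;

    /* "%15s" stores at most 15 characters plus the terminating NUL. */
    if (fscanf(fp, "%" STR(WORD_MAX) "s", buf) != 1)
        return -1;

    c = getc(fp);                /* what follows the stored characters? */
    if (c == EOF)
        return 1;
    if (isspace(c)) {
        ungetc(c, fp);           /* word ended normally */
        return 1;
    }
    /* More non-blank characters follow: the word did not fit. */
    while ((c = getc(fp)) != EOF && !isspace(c))
        ;
    return 0;
}

/* Constructed input: write text to a temporary file, read the first word. */
int first_word(const char *text, char out[WORD_MAX + 1])
{
    FILE *fp = tmpfile();
    int rc;

    if (!fp)
        return -1;
    fputs(text, fp);
    rewind(fp);
    rc = read_word(fp, out);
    fclose(fp);
    return rc;
}

int main(void)
{
    char foo[WORD_MAX + 1];
    int rc = first_word("supercalifragilisticexpialidocious\n", foo);
    printf("rc=%d word=%s\n", rc, foo);
    return 0;
}
```

The width in a scanf format must be a literal (there is no `*` width for input as there is in printf), which is why the macro pastes WORD_MAX into the format string.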