Buffer overflows also happen when you use a single char with
"%[...]" in scanf; this inputs as many chars as it can match,
and null-terminates the string.
Even when they aren't able to be exploited (i.e. not in a
program with special uid), buffer overflows can make
you program break in strange w
> dear carl
>
>
> >The more I think about it, the following is better.
> >No more buffer overflow problem.
>
>
> have heard lots about it in security bulletins ...
> what is a buffer over flow ? and how does it appear in code ?
A buffer is a block of memory designed t
On 26 Jul, Moses Leslie wrote:
| I'm taking an intro C class, and of course everything there is run on
win95.
| For a project we're doing now, I need to be able to tell if a
scanf("%d",&x)
| actually gets an int or not, but scanf seems to freak out if it gets
anything
| but an int.
On Tue, 27 Jul 1999, venu wrote:
> >The more I think about it, the following is better.
> >No more buffer overflow problem.
>
>
> have heard lots about it in security bulletins ...
> what is a buffer over flow ? and how does it appear in code ?
In C, you (almost) always
On Mon, 26 Jul 1999, Moses Leslie wrote:
> On 27-Jul-99 Jason Gunthorpe wrote:
> >
> > fflush doesn't do anything (or at least isn't supposed to) for input
> > streams, fflush is ment to flush pending output, not discard pending
> > input. So what is happening is that glibc ignores the fflush and
dear carl
>The more I think about it, the following is better.
>No more buffer overflow problem.
have heard lots about it in security bulletins ...
what is a buffer over flow ? and how does it appear in code ?
cheers
venu
On 27-Jul-99 Jason Gunthorpe wrote:
> >
> fflush doesn't do anything (or at least isn't supposed to) for input
> streams, fflush is ment to flush pending output, not discard pending
> input. So what is happening is that glibc ignores the fflush and
> continually rescans that invalid character in
Monday, July 26, 1999, 10:51:02 PM, Carl wrote:
> if ( ! result)
You know you've been using perl for too long when you see this in C and
immediately think, "Hmm, no wonder it doesn't work, there is no $." :)
--
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
The more I think about it, the following is better.
No more buffer overflow problem.
#include
int main()
{
int test;
int result;
int j;
for(j = 0; j < 10; j++)
{
while ( scanf("%*[^0-9-]") );
result = scanf("%d", &test);
if ( ! result)
printf("Error\n");
el
>under visual C++. Is this something that's (most likely) broken in vc++, or
>perhaps (less likely) broken in glibc 2.1? All I have to test it on is a
>potato box, so I don't know if other versions of gcc have the same problem.
According to the fflush manpage, only _output_ streams are flushed.
On Mon, 26 Jul 1999, Moses Leslie wrote:
> int test;
> for(;;)
> {
> printf("Status is %d\n",scanf("%d",&test));
> fflush(stdin);
> }
> prints out "Status is 1" if it gets an int, but freaks out and keeps printing
> "Status is 0" over and over if you give it a char. The same sn
I'm taking an intro C class, and of course everything there is run on win95.
For a project we're doing now, I need to be able to tell if a scanf("%d",&x)
actually gets an int or not, but scanf seems to freak out if it gets anything
but an int. For example:
int test;
for(;;)
{
printf("Sta
12 matches
Mail list logo
