Author | Message | Time |
---|---|---|
Final | Ok well im making a program in c++ and gui and i hit a speed bump how do i add these into one variable. char* server=strTemp; char* URL = "steam://-applaunch 240 -game cstrike +connect "; | January 3, 2006, 9:32 AM |
FrOzeN | [code]char* server=strTemp; char* URL = "steam://-applaunch 240 -game cstrike +connect "; char BothVariables[255]; sprintf(BothVariables, "%s%s", server, URL);[/code] BothVariables now contains both server and URL in it. | January 3, 2006, 9:50 AM |
Final | thanks lots frozen your a real pal | January 3, 2006, 10:06 AM |
Myndfyr | [img]http://www.jinxbot.net/pub/finaladescentprogrammer.gif[/img] Dude, you programmed Descent? That was a really cool game. But I always thought it was written in C or C++.... obviously it was something else. What was it written in? | January 3, 2006, 4:56 PM |
Kp | [quote author=FrOzeN link=topic=13752.msg140234#msg140234 date=1136281836] [code]char* server=strTemp; char* URL = "steam://-applaunch 240 -game cstrike +connect "; char BothVariables[255]; sprintf(BothVariables, "%s%s", server, URL);[/code] BothVariables now contains both server and URL in it. [/quote] You're not checking whether there's actually enough room in the buffer. If strTemp is too long, the program will crash or execute undesirable code when it attempts to return from this function. | January 4, 2006, 12:19 AM |
FrOzeN | I realise that, though I assumed the CS: Source Server's DNS name wouldn't exceed 209 characters. If it does I'm going to further assume it lags and is not worth playing on anyway. | January 4, 2006, 2:33 AM |
Quarantine | Wow.. http://www.mkssoftware.com/docs/man3/strcat.3.asp Why not use the super duper function in string.h!? Warning: Heed the warnings on the page, you MUST ensure that s1 is large enough to hold itself and whatever is appened to it. | January 4, 2006, 3:38 AM |
warz | I think that "descent" joke has happened before. I'm not sure if it was about his description, but I know I've seen that happen here once. | January 4, 2006, 4:03 AM |
KkBlazekK | [quote author=warz link=topic=13752.msg140388#msg140388 date=1136347399] I think that "descent" joke has happened before. I'm not sure if it was about his description, but I know I've seen that happen here once. [/quote] Yes it has happened before and Nope, it was someone else. :P | January 4, 2006, 5:21 AM |
Final | Oh sorry I mispelled my lil personnal comment I ment decent I just forgot how to spell it please forgive me! Frozen told me its a game of somesort 3d game right ? well i didnt know about it at all never even heard of it and the space for the buffer is easiely solved by this: instead of putting a number just put this "MAX_PATH" heck ive used it alot before so the space prob didnt hurt cuz i fixed that when i read the code. | January 4, 2006, 5:23 AM |
Kp | How is using a buffer of size 260 safer than a buffer of size 255? They're both vulnerable to an overflow if you pass too much data in. The correct thing to do would be to use a length-checking variant, such as strncat, strncpy, or snprintf, of the string function you want. strncpy behaves strangely though, so you might be better off copying the BSD strlcpy instead. | January 4, 2006, 5:41 AM |
JoeTheOdd | @Myndfyre: He spelled decent wrong. =p | January 4, 2006, 5:26 PM |
Mephisto | [quote author=Kp link=topic=13752.msg140416#msg140416 date=1136353303] How is using a buffer of size 260 safer than a buffer of size 255? They're both vulnerable to an overflow if you pass too much data in. The correct thing to do would be to use a length-checking variant, such as strncat, strncpy, or snprintf, of the string function you want. strncpy behaves strangely though, so you might be better off copying the BSD strlcpy instead. [/quote] For personal knowledge, can you explain how it behaves strangley and is unique compared to other length checking string functions? | January 5, 2006, 12:18 AM |
Kp | [quote author=Mephisto link=topic=13752.msg140525#msg140525 date=1136420281] [quote author=Kp link=topic=13752.msg140416#msg140416 date=1136353303] How is using a buffer of size 260 safer than a buffer of size 255? They're both vulnerable to an overflow if you pass too much data in. The correct thing to do would be to use a length-checking variant, such as strncat, strncpy, or snprintf, of the string function you want. strncpy behaves strangely though, so you might be better off copying the BSD strlcpy instead. [/quote] For personal knowledge, can you explain how it behaves strangley and is unique compared to other length checking string functions? [/quote] I could, but it's easier just to quote the man page. :) [pre] The strncpy() function is similar, except that not more than n bytes of src are copied. Thus, if there is no null byte among the first n bytes of src, the result will not be null-terminated. In the case where the length of src is less than that of n, the remainder of dest will be padded with nulls. [/pre] Other length-limited string functions ensure the string is null terminated (even if they must cut off some characters to do so), and don't do anything to the space beyond where the null is dropped. | January 5, 2006, 12:53 AM |
Quarantine | Hmm, I think it would be better practice to just account for the null terminator when doing the allocation or whatever for s1. The others seem like workarounds that withought checks can easily confuse a person. | January 5, 2006, 3:13 AM |
zorm | [quote author=Kp link=topic=13752.msg140531#msg140531 date=1136422400] [quote author=Mephisto link=topic=13752.msg140525#msg140525 date=1136420281] [quote author=Kp link=topic=13752.msg140416#msg140416 date=1136353303] How is using a buffer of size 260 safer than a buffer of size 255? They're both vulnerable to an overflow if you pass too much data in. The correct thing to do would be to use a length-checking variant, such as strncat, strncpy, or snprintf, of the string function you want. strncpy behaves strangely though, so you might be better off copying the BSD strlcpy instead. [/quote] For personal knowledge, can you explain how it behaves strangley and is unique compared to other length checking string functions? [/quote] I could, but it's easier just to quote the man page. :) [pre] The strncpy() function is similar, except that not more than n bytes of src are copied. Thus, if there is no null byte among the first n bytes of src, the result will not be null-terminated. In the case where the length of src is less than that of n, the remainder of dest will be padded with nulls. [/pre] Other length-limited string functions ensure the string is null terminated (even if they must cut off some characters to do so), and don't do anything to the space beyond where the null is dropped. [/quote] Note: This isn't true for windows. Take _snprintf for example [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore98/HTML/_crt__snprintf.2c_._snwprintf.asp[/url] [quote] The _snprintf function formats and stores count or fewer characters and values (including a terminating null character that is always appended unless count is zero or the formatted string length is greater than or equal to count characters) in buffer. Security Note Ensure that format is not a user-defined string. This function does not guarantee NULL termination, so ensure it is followed by sz[ ARRAYSIZE(sz) - 1] = 0. For more information, see Avoiding Buffer Overruns. [/quote] Wow, the security note is neat. It wasn't around the last time I looked at the MSDN page for _snprintf. | January 5, 2006, 10:10 AM |
Kp | That's terrible! The GNU libc implementation of snprintf always null terminates non-empty buffers, even if the output is truncated. It's likely that much code written for Unix relies on this behavior, as do many Windows programmers. I'd never heard about this incompatibility in the Microsoft implementation, nor do I see reference to it in the PSDK I use as a reference. | January 6, 2006, 4:02 AM |