#1
    How to check the length of inputted text before assigning to a variable.


    I was recently reading about buffer overflows, and noticed my code may have one. The code is

    Code:
    printf(">");
    scanf("%s", input); // Scan for the first text.

    Which is all very good, but the variable is:

    Code:
    char input[100]; //Inputted text
    And so if you typed 101 letters it would buffer overflow. I was wondering if there was a way to a) check the length of text before giving it a variable, or b) make a dynamically resizing variable (I have 1GB of RAM, which is 1024MB, 1048576KB, 1073741824 Bytes, 8589934592 bits, so it would be very difficult to fill up even 1 billion of them typing, so it would take a long time to fill it all (And more RAM = more bits, such as a 4GB PC would be 34359738368!))
#2
    Read up on scanf(). I believe you can do something like this:

    Code:
    scanf("%99s", input);
    However, read the commonly asked questions for safe ways to read input (hint: fgets()).

    My blog, The Fount of Useless Information http://sol-biotech.com/wordpress/
    Free code: http://sol-biotech.com/code/.
    Secure Programming: http://sol-biotech.com/code/SecProgFAQ.html.
    Performance Programming: http://sol-biotech.com/code/PerformanceProgramming.html.
    LinkedIn Profile: http://www.linkedin.com/in/keithoxenrider

    It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it.
    --Me, I just made it up

    The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man.
    --George Bernard Shaw
#3
    Originally Posted by mitakeet
    Read up on scanf(). I believe you can do something like this:

    Code:
    scanf("%99s", input);
    However, read the commonly asked questions for safe ways to read input (hint: fgets()).
    I am going to try the first answer; if that does not work I will look up fgets.

    Edit: scanf("%99s",input); did work, but for every 99 letters you enter it adds a new >. Not too much of a problem; unless someone falls asleep on the keyboard, that should not happen. Still accepts commands on 3 chevrons. Thanks!
#4
    If you actually checked out the functions you use you would know how to deal with newlines. Reading is a lost art but I recommend it highly if you can swing it.

    Comments on this post

    • SimonB2 agrees : The second sentence gets my 70 point vote.
    Functionality rules and clarity matters; if you can work a little elegance in there, you're stylin'.
    If you can't spell "u", "ur", and "ne1", why would I hire you? 300 baud modem? Forget I mentioned it.
    DaWei on Pointers Politically Incorrect.
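
An added example, not code from any poster in this thread: the prompt loop from post #1 reading into the same `char input[100]` with fgets() instead of scanf(), stripping the trailing newline and discarding the rest of an over-long line so the leftover characters do not come back as extra prompts or commands. The names `read_line`, `LINE_OK`, `LINE_TOO_LONG` and `LINE_EOF` are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Result codes for read_line() (names chosen for this example). */
enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = -1 };

/* Read one line from fp into buf, whose capacity cap includes the '\0'.
 * fgets() stores at most cap - 1 characters, so buf cannot overflow.
 * The unread tail of an over-long line is discarded, not left in fp. */
int read_line(FILE *fp, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, fp) == NULL)
        return LINE_EOF;

    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {          /* whole line fit: strip the newline */
        buf[len] = '\0';
        return LINE_OK;
    }

    /* No newline stored: the line was too long, filled buf exactly, or hit EOF. */
    int c, dropped = 0;
    while ((c = getc(fp)) != EOF && c != '\n')
        dropped = 1;                 /* at least one character did not fit */
    return dropped ? LINE_TOO_LONG : LINE_OK;
}

int main(void)
{
    char input[100];                 /* same buffer size as in post #1 */
    int rc;

    for (;;) {
        printf(">");
        fflush(stdout);
        rc = read_line(stdin, input, sizeof input);
        if (rc == LINE_EOF)
            break;
        if (rc == LINE_TOO_LONG)
            puts("input too long, ignored");
        else
            printf("command: %s\n", input);
    }
    return 0;
}
```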
