char *host;
host = malloc(64 * sizeof(char)); /* space for 64 characters */
memset(host,0x00,host[63]);
I have a doubt: can a pointer be seen as an "array"?
With the above code, am I putting NULL into the 64th byte? (to prevent buffer overflow)
Even if your code was correct (see @Dietrich's answer), it doesn't prevent buffer overflow. I can do this:
strcpy(host, "A very large string that's definitely a lot longer than 64 characters, so it will cause you a great deal of misery");
strcpy, it's already too late!
A pointer can be seen as an array, in C. However, your code is wrong.
Correct version:
#include <stdlib.h> // malloc, abort

char *host;
host = malloc(64); // sizeof(char) == 1, guaranteed by the standard
if (!host) abort(); // malloc can return NULL if it fails
host[63] = '\0'; // put NUL byte into the last element of array
When you run memset(host, 0x00, host[63]), it passes the value stored in host[63] as the length to memset. This is an error, since host is uninitialized, host[63] is garbage and you should not pass garbage to memset. If you are very lucky, your program will crash immediately. If you are unlucky, it will not.
Putting the \0 byte into the last slot of host does not avoid most buffer overflows. Most different types of buffer overflows need to be handled on an individual basis so there is no "one way" to prevent them.
Buffer overflows are a class of programming mistakes, and like most classes of mistakes, there are a lot of ways to make them. Each different buffer overflow is just a piece of incorrect code that needs to be fixed.
Terminology note: I prefer using NULL to refer to the invalid pointer named "NULL" in C, and NUL to refer to the zero byte in an ASCII string. E.g.,
// Initialize ptr to a NULL ptr...
char *ptr;
ptr = NULL;
ptr = 0; // equivalent to above
ptr = xmalloc(15); // xmalloc: a malloc wrapper that aborts on failure (not a standard C function)
// Set *ptr to the NUL byte...
*ptr = '\0';
*ptr = 0; // equivalent to above
NULL is not an invalid pointer. By valid pointer C means either a pointer to an object or a null pointer.
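The following is an added example, not code from the question or from any of the answers above. It shows why the pre-placed NUL at host[63] gives no protection against the strcpy from the earlier comment, and what Dietrich's point about each overflow needing its own fix looks like in practice: the copy has to be bounded by the destination size, and the caller has to handle the case where the input does not fit. HOST_LEN, set_host, make_host and would_overflow are names chosen for this example; the "example.org" and the long string are constructed inputs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOST_LEN 64   /* same 64-byte buffer as in the question */

/* The pattern from the question: terminate the last slot, then strcpy.
 * strcpy never looks at the destination; it writes strlen(src) + 1 bytes
 * and simply overwrites the NUL at host[63] on its way past the end.
 * Shown for contrast only; calling it with a long src is undefined
 * behaviour, so main() below only feeds it a short name. */
static void set_host_unsafe(char *host, const char *src)
{
    host[HOST_LEN - 1] = '\0';
    strcpy(host, src);          /* unbounded write */
}

/* Hardened version: find the NUL within the destination size before
 * copying a single byte, and report failure rather than truncating
 * silently. Returns 0 on success, -1 if src plus its NUL does not fit.
 * memchr is standard C and scans at most host_size bytes of src. */
static int set_host(char *host, size_t host_size, const char *src)
{
    const char *nul = memchr(src, '\0', host_size);
    if (nul == NULL)            /* no terminator within host_size: too long */
        return -1;
    memcpy(host, src, (size_t)(nul - src) + 1);   /* copies the NUL too */
    return 0;
}

/* Allocate and fill a host buffer. Returns NULL on allocation failure
 * or when the name does not fit; the caller frees the result. */
static char *make_host(const char *src)
{
    char *host = malloc(HOST_LEN);
    if (host == NULL)           /* malloc can fail, as Dietrich's answer notes */
        return NULL;
    if (set_host(host, HOST_LEN, src) != 0) {
        free(host);
        return NULL;
    }
    return host;
}

/* Would a plain strcpy of src into a HOST_LEN buffer write past the end?
 * 1 if yes, 0 if no. Useful for seeing how far past the NUL at host[63]
 * the unsafe version would go. */
static int would_overflow(const char *src)
{
    return strlen(src) + 1 > HOST_LEN;
}

int main(void)
{
    /* constructed sample inputs */
    const char *short_name = "example.org";
    const char *long_name = "A very large string that's definitely a lot longer "
                            "than 64 characters, so it will cause you a great deal of misery";
    char buf[HOST_LEN];

    set_host_unsafe(buf, short_name);   /* fits, so this one is harmless */
    printf("unsafe copy of short name: %s\n", buf);

    printf("would strcpy of long name overflow? %s (%zu bytes into a %d byte buffer)\n",
           would_overflow(long_name) ? "yes" : "no", strlen(long_name) + 1, HOST_LEN);

    printf("set_host(long name) -> %d (refused)\n", set_host(buf, sizeof buf, long_name));

    char *host = make_host(short_name);
    if (host != NULL) {
        printf("make_host(short name) -> \"%s\"\n", host);
        free(host);
    }
    printf("make_host(long name) -> %s\n", make_host(long_name) == NULL ? "NULL" : "non-NULL");
    return 0;
}
```

The boundary is exact: a 63-character name fits (63 bytes plus the NUL), a 64-character name does not, and set_host reports that instead of either truncating or writing past the buffer.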
memset(host, 0, 64) - memset() wants a size as the third parameter; what you're passing there is uninitialized data (so, nonsense in other words). sizeof(char) is always 1 and 0x00 is a rather sophisticated representation of good old 0.