Commonmark migration

# Dangerous scanf()

This code here is susceptible to buffer overruns:

```c
char conf[ROTORSIZE+1];
scanf("%s", conf);
```

If the user inputs a string longer than ROTORSIZE (26), your buffer will overflow and your program may crash.

One way of avoiding the buffer overruns is to use fgets instead. You could use fgets to grab the whole line, and then you can use sscanf to parse the rotor part of the line, knowing that the line length is bounded:

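```c
#include <stdio.h>
#include <string.h>

#define LINESIZE 80  // Or whatever length you prefer

char line[LINESIZE];
char conf[LINESIZE];

// fgets stores at most sizeof(line) - 1 characters plus the terminating NUL
if (fgets(line, sizeof(line), stdin) == NULL)
    return 1;
// conf is as large as line, so the unbounded %s cannot overflow it here
if (sscanf(line, "%s", conf) != 1)
    return 1;
if (strlen(conf) != ROTORSIZE)
    return 1;
// ...
```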
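
The fgets-then-sscanf approach above, packaged as a function. This is an added example, not code from the original post, and the names `read_rotor` and `count_valid` are hypothetical. It goes slightly beyond the answer: it discards the unread tail of an over-long line, and it uses a `%26s` field width so the destination only needs `ROTORSIZE + 1` bytes.

```c
#include <stdio.h>
#include <string.h>

#define ROTORSIZE 26  /* value given in the answer */
#define LINESIZE  80  /* as in the answer's snippet */

/* read_rotor is a hypothetical helper, not from the original post.
 * Returns 0 on success, -1 on EOF or read error, -2 on a malformed line. */
int read_rotor(FILE *in, char out[ROTORSIZE + 1])
{
    char line[LINESIZE], extra;
    int c;

    if (fgets(line, sizeof line, in) == NULL)
        return -1;
    /* No '\n' before EOF: fgets stopped at the buffer limit. Discard the
     * rest of the line so its tail is not parsed as the next input. */
    if (strchr(line, '\n') == NULL && !feof(in)) {
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
        return -2;
    }
    /* Width 26 (== ROTORSIZE) caps the copy into out; " %c" only matches
     * when more non-space input follows, which is rejected. */
    if (sscanf(line, "%26s %c", out, &extra) != 1)
        return -2;
    return strlen(out) == ROTORSIZE ? 0 : -2;
}

/* Demo helper: feed constructed text through a temp file and count the
 * accepted lines; the last accepted value is copied to `last`. */
int count_valid(const char *text, char last[ROTORSIZE + 1])
{
    char buf[ROTORSIZE + 1];
    int rc, n = 0;
    FILE *f = tmpfile();

    if (f == NULL)
        return -1;
    fputs(text, f);
    rewind(f);
    while ((rc = read_rotor(f, buf)) != -1)
        if (rc == 0) {
            strcpy(last, buf);
            n++;
        }
    fclose(f);
    return n;
}
```

Without the drain loop, a 105-character line would be split by `fgets` into a 79-character chunk and a 26-character tail, and the tail would be accepted as a valid rotor on the next read.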

added 458 characters in body
JS1

# Dangerous scanf()

This code here is susceptible to buffer overruns:

```c
char conf[ROTORSIZE+1];
scanf("%s", conf);
```

If the user inputs a string longer than ROTORSIZE (26), your buffer will overflow and your program may crash.

You should use fgets instead:

```c
fgets(conf, sizeof(conf), stdin);
```