Malloc array of characters. String

Time:01-14

I understand that assigning memory allocation for a string requires n + 1 due to the NULL character. However, the question is what if you allocate 10 chars but enter an 11 char string?

#include <stdio.h>
#include <stdlib.h>
int main(){
    int n;
    char *str;
    printf("How long is your string? ");
    scanf("%d", &n);
    str = malloc(n + 1);   /* n characters plus the terminating '\0' */
    if (str == NULL) printf("Uh oh.\n");
    scanf("%s", str);      /* no field width: input longer than n chars runs past the buffer */
    printf("Your string is: %s\n", str);
    return 0;
}

I tried running the program but the result is still the same as n + 1.

CodePudding user response:

If you allocated a char* of 10 characters but wrote 11 characters to it, you're writing to memory you haven't allocated. This has undefined behavior - it may happen to work, it may crash with a segmentation fault, and it may do something completely different. In short - don't rely on it.

CodePudding user response:

If you overrun an area of memory given you by malloc, you corrupt the RAM heap. If you're lucky your program will crash right away, or when you free the memory, or when your program uses the chunk of memory right after the area you overran. When your program crashes you'll notice the bug and have a chance to fix it.

If you're unlucky your code goes into production, and some cybercriminal figures out how to exploit your overrun memory to trick your program into running some malicious code or using some malicious data they fed you. If you're really unlucky, you get featured in Krebs On Security or some other information security news outlet.

Don't do this. If you're not confident of your ability to avoid doing it, don't use C. Instead use a language with a native string data type. Seriously.

CodePudding user response:

what if you allocate 10 chars but enter an 11 char string?

scanf("%s", str); experiences undefined behavior (UB). Anything may happen, including that "I tried running the program but the result is still the same as n + 1." will appear OK.

Instead always use a width with scanf() and "%s" to stop reading once str[] is full. Example:

char str[10 + 1];      /* room for 10 characters plus the terminating '\0' */
scanf("%10s", str);    /* width 10 matches the buffer: scanf() stops after 10 characters */

Since n is variable here, consider instead using fgets() to read a line of input.

Note that fgets() also reads and saves a trailing '\n'.
Better to use fgets() for user input and drop scanf() call altogether until you understand why scanf() is bad.

str = malloc(n + 1);
if (str == NULL) printf("Uh oh.\n");
if (fgets(str, n + 1, stdin)) {            // reads at most n characters, then appends '\0'
  str[strcspn(str, "\n")] = 0;             // Lop off potential trailing \n (strcspn needs <string.h>)
}
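A complete bounded reader built on the fgets()/strcspn() approach above, added here as an example (it is not code from the original answer). It handles the case the question asks about, a line longer than n, by storing only n characters and draining the rest of the line so it cannot spill into the next read. The names read_line_bounded and first_line_of_text are assumed; the helper feeds constructed text through a tmpfile() stream so it runs without stdin.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Read one line from `in` into a malloc'd buffer of n + 1 bytes (n chars
 * plus '\0'). fgets() stores at most n chars, so an over-long line can
 * never run past the buffer; the excess is drained from the stream instead
 * of being left for the next read. Sets *truncated (if non-NULL) to 1 when
 * input was cut. Returns NULL on allocation failure or end of input;
 * the caller frees the result. */
char *read_line_bounded(FILE *in, size_t n, int *truncated)
{
    if (n >= INT_MAX) return NULL;       /* fgets() takes an int size */
    char *str = malloc(n + 1);
    if (str == NULL) return NULL;
    if (truncated) *truncated = 0;

    if (fgets(str, (int)n + 1, in) == NULL) {
        free(str);                       /* EOF or read error, nothing read */
        return NULL;
    }
    size_t len = strcspn(str, "\n");
    if (str[len] == '\n') {
        str[len] = '\0';                 /* whole line fitted: drop the '\n' */
    } else if (len == n) {
        /* Buffer full and no newline seen: the line continues. Discard the
         * rest so it cannot be mistaken for the next line of input. */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n') {
            if (truncated) *truncated = 1;
        }
    }
    return str;
}

/* Demo helper (assumed name): run the reader over constructed text via a
 * tmpfile() stream (ISO C, no stdin needed) and return its first line. */
char *first_line_of_text(const char *text, size_t n, int *truncated)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(text, f);
    rewind(f);
    char *line = read_line_bounded(f, n, truncated);
    fclose(f);
    return line;
}
```

With n = 10 and the constructed input "abcdefghijk", the function returns "abcdefghij" and reports truncation, which is exactly the case where scanf("%s") would have written past the buffer.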

CodePudding user response:

When you write 11 bytes to a 10-byte buffer, the last byte will be out-of-bounds. Depending on several factors, the program may crash, have unexpected and weird behavior, or may run just fine (i.e., what you are seeing). In other words, the behavior is undefined. You pretty much always want to avoid this, because it is unsafe and unpredictable.

Try writing a bigger string to your 10-byte buffer, such as 20 bytes or 30 bytes. You will see problems start to appear.
