| |
| |
| |
|
Page: 1 2 3
Comments:
<0> I'm having some trouble reading a file into an array, there is some C++ mixed in here though
<0> http://rafb.net/paste/results/3ngFc392.html
<1> then ask in #c++
<0> it's much more C than C++
<1> no, it's not. it's all C++
<1> if you use a C++ compiler to compile it, it's C++.
<1> if a C compiler won't compile it, then it's not C.
<0> ok well thanks ****
<2> rofl
<2> let's get him banned from c++ too
<3> hmmm
<4> sal i am looking for a free C interpretor somethink like that old by
<4> Augie Hansen
<4> that old Learn C
<4> compiler
<1> you want an interpreter or a compiler?
<1> there's one that does both
<1> tiny C, but it's linux only
<1> iirc they're *close* to being ANSI C99 compliant
<1> there's also an interactive C script. it's interpreted too, but i don't remember the name.
<1> maybe tiny c is windows now
<4> thank's ... a interpretor ... i want it for some child ... educative purposes
<4> i will search for tiny C
<1> ah it is
<1> http://fabrice.bellard.free.fr/tcc/
<1> http://www.google.com/search?q=c+interpreter&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official
<4> yes i know i already downloaded cint and ch but it's always better to ask some experts :)
<1> ok
<5> im looking for _vftprintf to store the result on a char *
<5> vsnprintf maybe
<4> ASCII (char) : vfprintf() UNICODE: vfwprintf() Generic-8/16 : vftprintf()
<4> in STRING.H header
<4> hoever the use of underscores in function names for standard C library string routines is a mess :(
<4> try _vfprintf if vfprintf doesnt work ...
<6> thanks
<5> what can i do if I got a char* with a % :(, vfprint and _vfprint dies :( how can i scape that char
<7> %%
<8> if it's not actually a format string, you shouldn't printf(blah) anyway, but rather printf("%s", blah) or fputs(blah, stdout) or something
<1> printf(blah);
<1> works just fine, as long as there are no % characters in it.
<1> it's certainly not as fast as doing fputs, but there's nothing *wrong* with it.
<5> I ve replaced the % by %%
<7> You don't have to do printf(blah);
<7> printf("%s", blah)
<5> _vsnprintf_s (buffer, sizeof(buffer), sizeof(buffer), lpEvent, args);
<5> i use this
<5> int logkeydata(LPCTSTR lpEvent, ...){
<8> dbtid: hmm yeah.. it's wrong though if blah is user input :p
<5> i should replace vsnprintf_s or escapes
<9> i thought there was posibility of a buffer overflow with printf(blah);
<8> not really, but at least it can crash your program... _if_ it is user input that you can't trust
<8> or well, depends how you defined buffer overflow... if printf reading from a buffer that is not actually supposed to be one is overflow, then yes :p
<9> thats reading memory that don't belong to you
<9> dang my other box just rebooted
<9> power blinked out
<9> the ups wasn't fast enough
<8> whoa ups ^^
<8> er well okay @ overflow... it's not subject to the typical buffer overflow attacks at least though
<9> i do remeber when i took that c cl*** in 2002 the instructor sayinbg something about it
<9> and that using "%s", blah was safer
<9> ohh i bet i know
<9> if the var contained like % codes
<10> winkey, you mean printf(blah) vs printf("%s",blah) ?
<10> yes.
<9> it would go looking for addresses that werent p***ed
<10> if blah contains two vars ("%s %s") for example, but you dont give any param to printf. those vars wiill be read from the stack (anyone correct me if I'm wrong)
<10> you could check the content of blah before. but using %s is a safer way in any case.
<9> invalid read
<9> thats what valkgrind would call it
<10> well, its expecting a pointer and if you have an int in the stack printf will try to access this as a pointer. there are great chances that the resulting pointer points to not-your-memory.
<10> try with %08x
<11> ha
<10> try with this: int main(int argc, char *argv[]) { if ( argc == 2 ) printf(argv[1]); printf("\n"); return 0; }
<10> ./a "begin %08x end" results in begin bffffd7c end
<9> http://en.wikipedia.org/wiki/Format_string_attacks
<10> exac tly.
<10> exactly.
<9> pronly makes printf(MY_MACRO); unsafe aswell
<8> sounds like kernel32.dll address
<9> sounds painfull
<8> and... OH - didn't think of %n... no wonder then that it can be used for malicicous code
<8> heh
<8> hmm, it's like... hmm
<8> oh, as main probably creates a stack frame, that's the old stack pointer
<8> if something's written at that address, returning from main will jump to wherever... duh :p
<4> brrr
<9> do{}while{1} feeling loopy?
<4> nope just rteading about the printf vulnerability
<9> i bet theres alot of code out there with it
<9> saw alot of bug reports on google
<4> i just discovered the code i am writing rigth now has the same problem :)
<9> i think i wrote a var args function awhile back without a case for 'n'
<9> now to remeber where it is
<8> hmm
<8> just thought about making such a code myself, but hmm... it's hard as you can't write what you want with %n
<9> sure ya can
<9> if ya want to write a 0x02 ya stuff "aa%n" in the var
<9> anybody have a decent tutorial for lex/yacc for doing config files?
<4> winkey: http://www.cs.utk.edu/~shi/link_prog.htm
<4> you have there some tutorials i have started with
<9> all but one are dead links
<9> abd the one thats not is a tripod page
<4> http://epaperpress.com/lexandyacc/
<4> this is the new address for the first link
<4> yes there are prety old
<4> i didn't know if there are still working
<4> anyway search by tutorials title on google you should find them
<9> Jul 09 09:54:07 <JailBird> although just looking at yacc/lex makes me want to slit my wrists
<9> xml is starting to look more and moe atractive
<4> xml seems to become programmers aspirine :) someday you will hear xml is the solution to world peace :))
<9> only if programmers are the only people to start wars
<4> :))
<8> <+winkey> if ya want to write a 0x02 ya stuff "aa%n" in the var << hehe... i'd need to write something like 0xbfffffff there *g*
<10> what is the usual workaround when you have to include a fixed array (declared in a .h) in multiple .c files ?
<10> to avoid "multiple definitions of 'name of array'
<9> ThFabba then you will need to write a realy long string
<8> heh
<8> yeah, i'll have to input a 3gb file just to do a little format overflow :p
<12> #ifndef filename
<12> #define filename
<12> ... header content
<12> #endif
<9> ThFabba wonder if theres a way to write it in chunks?
<8> spale: if you don't initialize it in the header, that should go fine, no?
<9> like %n%n%n%n
<10> artistu, its not a compiler program, but a linker one.
<8> well the problem is that it returns an int... and the address on the stack that needs to be overwritten has only the size of an int :|
<10> ThFabba, I dont get it. what do you mean with initialize?
<10> artistu, program/problem
<8> int blah[5]; => fine in a header... int blah[5] = { ... } => multiple definitions
<12> aha
<10> ThFabba, but its a fixed array of help stuff. it must be initialized and I need it in multiple modules
<10> ThFabba, like char *help[] = { 'help msg one', 'help msg two', etc... };
<10> wait. would 'static' make it local to the module?
<8> local to each of the modules, yeah
<8> what i'd do is include it in one .c file and provide just char *help[SOME_CONST]; in the header, though
<8> just that you gotta adjust the const according to what's in the .c
<13> extern?
<8> extern is the default
<13> hmm... not on my gcc
<10> yep
<8> huh?
<13> well.. i have int a[5]; in the header
<8> i recall reading extern linkage = default in the c standard
<13> and then int a[5] = {1, 2, 3} in one of the c files and it's giving me a linker error
<13> well, i could just be doing everything wrong :D
<1> you should NEVER put "int a[5];" in a header.
<1> NEVER.
<1> if a.h contains int a[5];
Return to
#c
or
Go to some related
logs:
turksh snd
#windows
#windows
gnome_execute_async_with_env_fds
#chatzone
comptatia
haga-brothers
Edwardo V1
#skype
#linux
|
|