Re: Hijacked: C vs C++


Jack Purdum
 

That's not necessarily bulletproof, either, but a step in the right direction. Try this:

void setup() {

  char temp[5];
  int val = 0;
  Serial.begin(115200);
  while (!Serial);                // Necessary on some faster Arduinos, like the Due

  strncpy(temp, "12345", 5);
  Serial.print("temp = ");
  Serial.print(temp);
  Serial.print("# val = ");
  Serial.println(val);
}

void loop() {
}

It prints out "12345". The fact that it prints out the entire string means the string termination character is stored...where? The documentation for strncpy() states:

    No null-character is implicitly appended at the end of destination if source is longer than num. Thus, in this case, destination shall not be considered
    a null terminated C string (reading it as such would overflow).

Moral: The strn*() functions don't guarantee protection against buffer overflow. It simply means you're thinking about it.

Jack, W8TEE

On Thursday, July 5, 2018, 8:56:00 AM EDT, Brian Bowling <bowlingb@...> wrote:


How about making your programming safer and more robust? Strcat() and strcpy() can be found at the root of so many buffer overflows. If you must use them, at least use the 'n' versions, strncpy() and strncat().

Brian
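
Added example, not part of the original messages: plain C that reproduces the 5-byte strncpy() case from the sketch above and sets it beside a bounded copy that always terminates and reports truncation. The helper names is_terminated() and bounded_copy() are hypothetical, chosen for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the thread): returns 1 if buf holds a
   '\0' within its first size bytes, 0 otherwise. */
int is_terminated(const char *buf, size_t size)
{
    return memchr(buf, '\0', size) != NULL;
}

/* Hypothetical helper: copy src into dst (capacity dst_size bytes) and
   always terminate dst. Returns 0 if src fit completely, -1 if it was
   truncated or the arguments were unusable. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t len, n;
    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL) { dst[0] = '\0'; return -1; }
    len = strlen(src);
    n = (len < dst_size) ? len : dst_size - 1;   /* leave room for '\0' */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (len < dst_size) ? 0 : -1;
}

/* Same copy as the sketch: 5 characters into a 5-byte buffer.
   Returns whether a terminator ended up inside the buffer. */
int strncpy_case_terminated(void)
{
    char temp[5];
    memset(temp, 'X', sizeof temp);        /* make stale bytes visible */
    strncpy(temp, "12345", sizeof temp);   /* fills all 5 bytes, no '\0' */
    return is_terminated(temp, sizeof temp);
}

int main(void)
{
    char safe[5];
    int rc = bounded_copy(safe, sizeof safe, "12345");
    printf("strncpy left a terminator: %d\n", strncpy_case_terminated());
    printf("bounded_copy rc=%d, result=\"%s\"\n", rc, safe);
    return 0;
}
```

Checking the return value is what turns silent truncation into something the caller can handle.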
