do not use printf without %s to print a string
Source: Internet | Published: mac子弹头rebel | Editor: 程序博客网 | Time: 2024/06/04 18:18
Since the printf() function takes strings as arguments, you might think that you do not need the format specifier "%s" while printing a string.
Example:
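```c
#include <stdio.h>

int main(void)
{
    char string[30] = "Hello c programers";

    /* The string itself is passed as the format argument (the risky form). */
    printf(string);
    return 0;
}
```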
However, this can be very dangerous--what if your string includes a format specifier like %s or %d? Because printf is a varargs function, it uses the format string to decide how many arguments it takes. If you provide only one argument but that string contains a format specifier, printf will assume it has more arguments than it does and read them off the stack. This will cause it to print out data from stack memory for those format specifiers. This can reveal information about the state of your program's memory to an attacker who adds format specifiers to the string--or just cause bugs. Don't do it!
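The following is an added example, not code from the original post: it shows the hardened form, where a constant "%s" format keeps the string as plain data, next to a small check that counts the format directives a string would trigger if it were used as the format. The function names `count_directives` and `render_untrusted` and the sample input are made up for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count the conversion directives printf would act on if s were passed
 * as the format argument. "%%" prints a literal percent sign and takes
 * no argument; every other '%' starts a directive. */
size_t count_directives(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* escaped percent: skip the pair */
        else
            n++;            /* directive with no matching argument */
    }
    return n;
}

/* Hardened form: the format is the constant "%s" and the untrusted text
 * is only data, so '%' sequences in it are copied out unchanged.
 * Returns what snprintf returns (length of the full text). */
int render_untrusted(char *out, size_t outsz, const char *untrusted)
{
    return snprintf(out, outsz, "%s", untrusted);
}

int main(void)
{
    /* Constructed sample input containing format specifiers. */
    const char *input = "user=%d.%d.%s 100%%";
    char buf[64];

    /* Vulnerable form from the post, deliberately not executed:
     *     printf(input);
     * GCC and Clang report it when built with -Wformat -Wformat-security. */
    printf("directives without arguments: %zu\n", count_directives(input));

    render_untrusted(buf, sizeof buf, input);
    puts(buf);                  /* prints the input text unchanged */
    printf("%s\n", input);      /* the direct fix for the post's code */
    return 0;
}
```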