Author |
Topic: Potential Problem in function (Read 500 times) |
|
johny_cage
Full Member
Gender: 
Posts: 155
|
 |
Potential Problem in function
« on: Oct 24th, 2007, 6:21am » |
 Quote  Modify
|
The following is a simple c program, in which there is a function called Error to display errors. Can you see a potential problem with the way Error is defined?
#include <stdlib.h>
#include <stdio.h>
void Error(char* s)
{
printf(s);
return;
}
int main()
{
int *p;
p = malloc(sizeof(int));
if(p == NULL)
{
Error("Could not allocate the memory\n");
Error("Quitting....\n");
exit(1);
}
else
{
/*some stuff to use p*/
}
return 0;
}
|
|
 IP Logged |
|
|
|
SMQ
wu::riddles Moderator
Uberpuzzler
Gender:
Posts: 2084
|
|
Re: Potential Problem in function
« Reply #1 on: Oct 24th, 2007, 6:29am » |
Quote Modify
|
In Error, it should be printf("%s", s);, or better yet, fputs(s, stderr);, otherwise an error string with % in it could cause the printf to expect more parameters than were passed, and potentially crash without ever displaying the error.
--SMQ
|
| « Last Edit: Oct 24th, 2007, 6:31am by SMQ » |
IP Logged |
--SMQ
|
|
|
GowriKumar
Junior Member
 
Gender:
Posts: 55
|
|
Re: Potential Problem in function
« Reply #2 on: Oct 24th, 2007, 10:30am » |
Quote Modify
|
These sort of errors are called format string vulnerabilities. Long back, I had prepared a slide-set explaining them. They are available here:
http://www.devhood.com/tools/tool_details.aspx?tool_id=877
The example programs and the links may not work, but it may help in understanding the problem with the function Error.
Regards,
Gowri Kumar
|
|
IP Logged |
www.gowrikumar.com
|
|
|
johny_cage
Full Member
Gender:
Posts: 155
|
|
Re: Potential Problem in function
« Reply #3 on: Oct 24th, 2007, 3:17pm » |
Quote Modify
|
@gowrikumar
nice one...
|
|
IP Logged |
|
|
|
|
RIDDLES SITE
WRITE MATH!
Home 
Help 
Search 
Members 
Login 
Register
Reply
Notify of replies
Send Topic
Print