Sunday, September 25, 2005

Catch 'em, Kill 'em Pt.1 - Catch 'em

aaaaah yes, the code developers out there - find the bugs in these simple code samples involving just strncat and strncpy (n byte copy and concatenating). Of course, I didn't make up these questions. I shall provide the necessary back track to the source after I provide (his) answers. I got most of them, so that should be very encouraging for all of you. You can close your mouth now (in case its still open with shock that I managed to get even one).

// Example #1 (code prior to this verifies pszSrc is <= 50 chars)
#define MAX (50)
char *pszDest = malloc(sizeof(pszSrc));
strncpy(pszDest,pszSrc,MAX);

// Example #2
#define MAX (50)
char szDest[MAX];
strncpy(szDest,pszSrc,MAX);

// Example #3
#define MAX (50)
char szDest[MAX];
strncpy(szDest,pszSrc,MAX);
pszDest[MAX] = '\0';

// Example #4
#define MAX (50)
char szDest[MAX];
strncpy(szDest,pszSrc,MAX-1);
strncat(szDest,pszSrc,MAX-1);

// Example #5
char szDest[50];
_snprintf(szDest, strlen(szDest), "%s",szSrc);

// Example #6
#define MAX (50)
void func(char *p) {
char szDest[MAX];
strncpy(szDest,p,MAX);
szDest[MAX-1] = '\0';
}

1 comment:

zee said...

Yawn! Yawn! Yawn!