From the course: Secure Coding in C++

Avoiding C-style string vulnerabilities

- [Instructor] Let's look at an example featuring a vulnerability of C-style strings. This code looks safe at first glance, but it's not. In line 12, we ask the user to enter their name, and then store it in the fixed-size character array name, which only holds 10 characters. Then in line 15, we build a welcome message using snprintf, which writes the message into the msg buffer. It seems fine. After all, we are using snprintf instead of sprintf, so we have a size limit. Let's run it and try entering a long name. I'll enter Bartholomew, which has 11 characters. Let's see the greeting. What? That's clearly wrong. What's happening is that the input overflows the name buffer, and spills into adjacent memory, thus corrupting the msg buffer in the process. This is a real memory safety issue, not just a formatting glitch. Before fixing this code, let's see what the Copilot thinks about it. Yep, we have a warning about the length of name, and the possibility of entering something…
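
An added example, not the course's own code (which this page does not show): one way to close the overflow described above by bounding the read into name as well as the write into msg, with a std::string version beside it. The function names, the greeting format and the sample input are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <iostream>
#include <limits>
#include <sstream>
#include <string>

// Bounded read of one line into a fixed array (the size is deduced from the
// array type, so it cannot be passed wrongly). Returns false if the line did
// not fit or nothing could be read; name is always NUL-terminated.
template <std::size_t N>
bool read_name(std::istream& in, char (&name)[N]) {
    if (in.getline(name, N)) return true;   // stores at most N-1 chars + '\0'
    in.clear();                             // reset failbit set on truncation
    in.ignore(std::numeric_limits<std::streamsize>::max(), '\n');  // drop the rest
    return false;
}

// snprintf bounds the write into msg; its return value reports truncation.
// The "Welcome, %s!" format is an assumption, not the course's string.
template <std::size_t M>
bool build_greeting(char (&msg)[M], const char* name) {
    int n = std::snprintf(msg, M, "Welcome, %s!", name);
    return n >= 0 && static_cast<std::size_t>(n) < M;
}

// Idiomatic C++ alternative: std::string grows to fit, no fixed buffer at all.
std::string greet(std::istream& in) {
    std::string name;
    std::getline(in, name);
    return "Welcome, " + name + "!";
}

int main() {
    std::istringstream in("Bartholomew\n");  // constructed input, 11 characters
    char name[10];
    char msg[64];
    if (!read_name(in, name))
        std::cout << "name too long, kept: " << name << '\n';
    if (build_greeting(msg, name))
        std::cout << msg << '\n';
    std::istringstream again("Bartholomew\n");
    std::cout << greet(again) << '\n';
}
```

The size limit on snprintf only protects msg; the read into name needs its own limit, which is what read_name adds.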
