安全scanf()或得到 [英] safe scanf( ) or gets
问题描述
的功能...我的意思是..如果我这样做:
char a [256];
scanf("%s",a);
和用户输入257字符串..
that创建一个问题..同样的获取..
即使你创建一个char数组'99999999999999 char long ..如果
用户输入更长的时间它仍然是一个bug ..而且我不想要
这个..
< OT>
C ++有std :: string如果运行时动态地重新分配它们
太大了,但是我们呢?
< / OT>
我虽然从stdin使用字符输入函数,然后使用这个单个字符创建一个
字符串,然后将此字符附加到当时
一个字符串的结尾,如果字符串变得太小,realloc()会更大
一个..但是每次这样做都很烦人我想阅读
输入..是的我可以用这个创建一个函数..那就是我要来的b $ b。但是我想知道你是什么C专家正在努力避免在这种情况下发生错误或错误
谢谢!
Eric Boutin写道:
嗨!我想知道如何快速安全地使用安全的scanf()或
获得功能......我的意思是......如果我这样做:
我不喜欢我不知道任何安全的使用途径。在你可以使用的地方使用fgets
指定要读入缓冲区的最大字符数。使用
scanf,可以通过在
转换说明符中指定最大字段宽度来实现相同的目标(见下文)。
char a [ 256];
scanf("%s",a);
并且用户输入了一个257字符串..
会产生问题..对于获取相同..
即使你创建一个字符串'99999999999999字符长...如果
用户输入更长的东西它仍然是一个bug ..而且我不想要
这个..
您可以通过在
转换说明符中指定最大字段宽度来避免此问题:
scanf(" ;%254s",a);
将最多254个字符读入a。阅读
scanf文档以获取更多详细信息。
< OT>
C ++有std :: string,如果它们正在运行,它们会自动重新运行
太大了,但我们怎么样?
< / OT>
不幸的是你不得不自己滚动......但是......(见下文) )
我虽然使用字符输入函数,从stdin,然后用这个单字符创建一个字符串,然后将这个字符附加到
然后
结束一个字符串,如果字符串变得太小,realloc()更大一个..但是每次我想读取
输入时这样做很烦人。是的我可以创建一个这个功能......这就是我要做的事情。但是我想知道你们C专家为避免在这种情况下发生的段错或错误而做了什么br />
这个组中的几个常客(CBFalconer,Richard Heathfield,Morris
Dovey)已经开发了一些功能沿着你想要的
的路线走。即使您想要自己滚动,也可以在档案中搜索主题为从文件中读取一行的
主题。获取
的网址相同,以了解如何去做。
-nrk。
ps:这个问题似乎经常出现在这里,也许它应该在常见问题解答中添加
?
谢谢!
" Eric Boutin" < ER ** @ nic.nac.wdyn.de>在消息中写道
嗨!我想知道如何快速安全地使用安全的scanf()或>
得到函数......我的意思是..如果我这样做:
真正的答案是stdin很少用于真正的程序。如果
程序从用户那里获取一些参数,则这些参数将在命令
line上传递,如果它需要大量输入,则这些参数在ASCII文件中给出,
如果它确实需要交互性,那么它使用GUI。
有很多功能可以读取任意长度
$来自stdin的b $ b字符串。你只需要写一次。
替换gets()的建议是调用fgets()并抛弃
尾随''\\ \\ n''很糟糕,因为你在溢出时用错误的
行为替换未定义的行为。要正确使用fgets(),你必须对
溢出采取行动,这会使程序变得复杂。
"马尔科姆" <毫安***** @ 55bank.freeserve.co.uk>写道:
真正的答案是stdin在真实程序中很少使用。
我非常不同意。事实上,为了完成计算机的任何/实际/工作,
程序从标准输入读取并写入标准输出(AKA
过滤程序)是绝对必需的,IMO。
如果没有过滤程序,计算机对我来说就没用了。 (我也会失业,因为我的工作是不可能的。)
如果它需要大量的输入,这些是在ASCII文件中给出的,
我不明白。一个文本文件可以包含任意长的行,就像标准输入一样
。如何从文件中读取而不是标准的
输入改变了这种情况?
(事实上,在许多操作系统上,标准输入可以重定向
来自一个文件,并为终端提供了一个文件名,所以恕我直言
区分标准输入和命名
$没有多大意义b $ b文件。)
如果它确实需要交互性,那么它使用GUI。
再次,如果这应该是一般的建议(听起来好像是,
对不起,如果我误解了你),我强烈不同意。许多人(包括
我自己)更喜欢GUI程序的非GUI程序。
Martin
Hi ! I was wondering how to quickly and safely use a safe scanf( ) or gets
function... I mean.. if I do :
char a[256];
scanf("%s", a);
and the user input a 257 char string..
that creates a problem.. same for gets..
even if you create a char array that''s 99999999999999 char long.. if the
user input something longer it will still be a bug.. and I don''t want
this..
<OT>
C++ have std::string that dynamicaly realloc themself if they are running
too big, but what about us ?
</OT>
I though about using character input function, from stdin, and then create a
string with this single character, then appending this character to the then
end of a string, and if the string gets too small, realloc( ) a bigger
one.. however this is quite annoying to do this each time I want to read
input.. yes I could create a function with this.. and that''s what I gonna
do.. however I was wondering what you C experts were doing to avoid a
segfault or a bug in a such situation
thanks !
Eric Boutin wrote:
Hi ! I was wondering how to quickly and safely use a safe scanf( ) or
gets
function... I mean.. if I do :
I don''t know of any safe way to use gets. Use fgets instead where you can
specify the maximum number of characters to read into your buffer. With
scanf, the same can be achieved by specifying a maximum field width in the
conversion specifier (see below).
char a[256];
scanf("%s", a);
and the user input a 257 char string..
that creates a problem.. same for gets..
even if you create a char array that''s 99999999999999 char long.. if the
user input something longer it will still be a bug.. and I don''t want
this..
You can avoid this problem by specifying the maximum field width in the
conversion specifier:
scanf("%254s", a);
which will read a maximum of 254 characters into "a". Read the
documentation of scanf for more details.
<OT>
C++ have std::string that dynamicaly realloc themself if they are running
too big, but what about us ?
</OT>
You''ll have to roll your own unfortunately... but... (see below)
I though about using character input function, from stdin, and then create
a string with this single character, then appending this character to the
then
end of a string, and if the string gets too small, realloc( ) a bigger
one.. however this is quite annoying to do this each time I want to read
input.. yes I could create a function with this.. and that''s what I
gonna
do.. however I was wondering what you C experts were doing to avoid a
segfault or a bug in a such situation
Several regulars in this group (CBFalconer, Richard Heathfield, Morris
Dovey) have developed functions that do something along the lines of what
you want. Even if you want to roll your own, search the archives for a
thread with subject "Reading a line from a file" to get the URLs for the
same, to get a feel for how to go about it.
-nrk.
ps: This question seems to crop up so often around here that perhaps it
should be added to the FAQ?
thanks !
"Eric Boutin" <er**@nic.nac.wdyn.de> wrote in message
Hi ! I was wondering how to quickly and safely use a safe scanf( ) or > gets function... I mean.. if I do :
The real answer is that stdin is seldom used in real programs. If the
program takes a few parameters from the user these are passed on the command
line, if it needs a large number of inputs these are given in an ASCII file,
and if it really needs interactivity then it uses a GUI.
There are plenty of functions knocking around that read an arbitrary-length
string from stdin. You only have to write these once.
The advice to replace gets() with a call to fgets() and throw away the
trailing ''\n'' is bad, since you replace undefined behaviour with wrong
behaviour on overflow. To use fgets() properly you have to take action on
overflow, which makes the program complex.
"Malcolm" <ma*****@55bank.freeserve.co.uk> writes:
The real answer is that stdin is seldom used in real programs.
I strongly disagree. In fact, to get any /real/ work done with a computer,
programs which read from standard input and write to standard output (AKA
filter programs) are absolutely mandatory, IMO.
Without filter programs, computers would be useless to me. (I would also
be unemployed, because my work would be impossible.)
if it needs a large number of inputs these are given in an ASCII file,
I don''t understand. A text file can contain arbitrarily long lines, just
like standard input. How does reading from a file instead of standard
input change the situation?
(In fact, on many operating systems, standard input can be redirected
from a file, and a file name is provided for the terminal, so IMHO it
doesn''t make much sense to distinguish between standard input and named
files.)
and if it really needs interactivity then it uses a GUI.
Again, if this is supposed to be general advice (it sounds as if it is,
sorry if I misunderstood you), I strongly disagree. Many people (including
myself) prefer non-GUI programs to GUI programs.
Martin
这篇关于安全scanf()或得到的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
