Buffer overflow protection


Problem description


If we want our programs to be protected against buffer overflows, must we
check the size of the various containers explicitly?

E.g.

#include <iostream>
#include <string>

int main()
{
    using namespace std;

    string s;

    while(cin>>s)
        ;

    // ...
}

should become:

#include <iostream>
#include <string>
#include <cctype>

int main()
{
    using namespace std;

    string s;

    while(cin && s.size()<s.max_size())
    {
        char c;

        cin>>c;

        if(isspace(c))
            continue;

        s.push_back(c);
    }

    // ...
}


Ioannis Vranos

Solution

"Ioannis Vranos" <iv*@guesswh.at.emails.ru> wrote in message
news:c5***********@ulysses.noc.ntua.gr...

If we want our programs to be protected against buffer overflows, must we
check the size of the various containers explicitly?

E.g.

#include <iostream>
#include <string>

int main()
{
    using namespace std;
    string s, temp;
    while(cin>>temp)
        s+=temp;
    // ...
}

should become:

#include <iostream>
#include <string>
#include <cctype>

int main()
{
    using namespace std;

    string s;

    while(cin && s.size()<s.max_size())
    {
        char c;

        cin>>c;

        if(isspace(c))
            continue;

        s.push_back(c);
    }

    // ...
}


Ioannis Vranos




I'm puzzled. Is it even *possible* for s.size() to have a value greater
than s.max_size()? That would seem to violate the concept of "max",
wouldn't it? So, shouldn't the streaming operator prevent s.size() from
ever exceeding s.max_size() in the first place, making any such check on
your part redundant?

I know that checking for buffer overruns is important when filling arrays,
but I would think one of the advantages of using a string class and
streaming operators is to protect against such things.

But for filling arrays, I'd agree on your design, where you add one
character at a time. It's silly to try to see if you've *already* overrun
memory.

-Howard


On Tue, 13 Apr 2004 14:59:35 +0300 in comp.lang.c++, "Ioannis Vranos"
<iv*@guesswh.at.emails.ru> wrote,

If we want our programs to be protected against buffer overflows, must we
check the size of the various containers explicitly?

You need to ensure that the sizes are checked.
How explicit it is, is another matter.

string s;

while(cin>>s)

Here std::string and its operator>> do the checking.
So, it does not need to be explicit.
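
The behaviour described in the replies, as an added example that is not part of the original thread: operator>> on a std::string grows the string and never exceeds max_size(), and a stream width set with std::setw caps how much is stored, both for a std::string and for a fixed char array (the case the second poster raises). The helper names and the sample input are constructed for illustration.

```cpp
// Added example: helper names are illustrative, not from the thread.
#include <cstddef>
#include <cstring>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>

// Unbounded extraction: operator>> grows the string as needed and stops at
// whitespace, end of input, or max_size() characters, so it cannot overrun.
std::string read_token(std::istream& in) {
    std::string s;
    in >> s;
    return s;
}

// Bounded extraction: with a non-zero stream width, operator>> stores at most
// that many characters, which caps memory use for untrusted input.
std::string read_token_capped(std::istream& in, std::size_t limit) {
    std::string s;
    in >> std::setw(static_cast<int>(limit)) >> s;
    return s;
}

// Fixed array: the width counts the terminating '\0', so at most N - 1
// characters are stored in buf. Returns the stored length.
template <std::size_t N>
std::size_t read_into_array(std::istream& in, char (&buf)[N]) {
    in >> std::setw(static_cast<int>(N)) >> buf;
    return std::strlen(buf);
}

int main() {
    const std::string input(100000, 'A');  // constructed sample input
    std::istringstream a(input), b(input), c(input);

    std::string whole = read_token(a);
    std::string capped = read_token_capped(b, 16);
    char buf[8] = {};
    std::size_t n = read_into_array(c, buf);

    std::cout << whole.size() << ' ' << (whole.size() <= whole.max_size())
              << '\n' << capped.size() << '\n' << n << '\n';
}
```

The width is reset to zero after each extraction, so it has to be set again before every bounded read.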

