我目前正在研究一个基于C的日志解析器(制作原始基于bash的日志解析器的C版本),我想知道如果有拙劣的输入,我应该如何防止缓冲区溢出,几乎只是一种方式,当内存不足时自动停止程序,我也提供了下面的代码,谢谢!
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define _GNU_SOURCE
void main(int argc, char *argv[], char *envp[])
{
FILE *fd;
char *name;
name = getenv("MCEXEC_PLAYERNAME");
char *filename;
filename = malloc(sizeof "/home/minecraft/freedonia/playerdata/deathlog-.txt" - 1 + strlen(name) + 1);
if (!filename) exit(EXIT_FAILURE);
sprintf(filename,"/home/minecraft/freedonia/playerdata/deathlog-%s.txt",name);
char buff[1024];
if ((fd = fopen(filename, "r")) != NULL)
{
fseek(fd, 0, SEEK_SET);
while(!feof(fd))
{
memset(buff, 0x00, 1024);
fscanf(fd, "%[^\n]\n", buff);
}
printf("%s\n", buff);
}
else
printf( "fail" );
}
下面的代码是尝试实现fgets和scanf,但是当我运行程序时,它只是坐在那里而不显示任何输出
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define _GNU_SOURCE
void main(int argc, char *argv[], char *envp[])
{
FILE *fd;
char *name;
name = getenv("MCEXEC_PLAYERNAME");
char *filename;
filename = malloc(sizeof "/home/minecraft/freedonia/playerdata/deathlog-.txt" - 1 + strlen(name) + 1);
if (!filename) exit(EXIT_FAILURE);
sprintf(filename,"/home/minecraft/freedonia/playerdata/deathlog-%s.txt",name);
char *buff;
buff = malloc(1024);
char *finbuff;
finbuff = malloc(1024);
if ((fd = fopen(filename, "r")) != NULL)
{
fseek(fd, 0, SEEK_SET);
while(!feof(fd))
{
memset(buff, 0x00, 1024);
memset(finbuff, 0x00, 1024);
// fscanf(fd, "%[^\n]\n", buff);
fgets(buff, 1024, fd);
scanf(buff, "%[^\n]\n", finbuff);
}
printf("%s\n", finbuff);
}
else
printf( "fail" );
}
而不是使用fscanf,你应该使用fgets和sscanf...的组合,你的优点fgets()是你可以指定读取的最大字节数,防止缓冲区溢出.其次,替换sprintf为snprintf.
防止缓冲区溢出的基本方法是避免写入缓冲区的函数,而不指定要写入的最大字节数.