char buffer[100];
char buffer_size[40];
int i;

fgets(buffer_size, 32, stdin);
i = atoi(buffer_size);
if (i + 1 < 100)
    if (i >= 0)
        fgets(buffer, i, stdin);
-1
- OP, why would you delete your question's content? This might - by chance - be useful for others. And why are you sorry for asking? There is however a "thank you" button for the person to answer your question best: it's called "accept" and is a green check mark. – Tobi Nary Nov 18 '17 at 14:40
- Downvoted: please provide at least some form of context. Also this seems a lot like homework. – Tom K. Jan 03 '18 at 12:25
1 Answer
1
Well, since i could be INT_MAX (0x7FFFFFFF), which is just over 2 billion, but if you add 1 to it you get 0x80000000 (just below negative two billion, for signed ints)... that passes the test and you end up trying to fill a 100 byte buffer with up to 2 gigs of data. That's bad (and exploitable), yes.

CBHacking
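
The check discussed in this answer, modelled next to a hardened length parse, as an added example that is not part of the original post. `original_check_passes`, `parse_length` and `BUF_CAP` are hypothetical names, and the sample inputs are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define BUF_CAP 100

/* Models the original test `i + 1 < 100 && i >= 0`. Signed overflow is
 * undefined behaviour in C, so the two's-complement wraparound the answer
 * describes is written out explicitly to keep this demo well defined. */
int original_check_passes(int i)
{
    int i_plus_1 = (i == INT_MAX) ? INT_MIN : i + 1;
    return i_plus_1 < BUF_CAP && i >= 0;
}

/* Hardened parse (hypothetical helper): strtol reports range errors, and the
 * bound is compared without doing arithmetic on the untrusted value.
 * Returns 0 and stores the length on success, -1 on rejection. */
int parse_length(const char *text, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || errno == ERANGE)
        return -1;                      /* no digits, or out of long range */
    if (*end != '\0' && *end != '\n')
        return -1;                      /* trailing garbage */
    if (v < 0 || v >= BUF_CAP - 1)
        return -1;                      /* same accepted range as the original: 0..98 */
    *out = (int)v;
    return 0;
}

int main(void)
{
    const char *samples[] = { "42", "98", "99", "2147483647", "-1" };  /* constructed inputs */
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        int len = -1;
        int rc = parse_length(samples[k], &len);
        printf("%-12s original=%d hardened=%s len=%d\n", samples[k],
               original_check_passes(atoi(samples[k])), rc == 0 ? "accept" : "reject", len);
    }
    return 0;
}
```

Only the `2147483647` row differs: the original test lets it through, while the hardened parse rejects it before any read into the 100-byte buffer is attempted.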