/dpt/ - Daily Programming Thread

What are you working on, Sup Forums?

Previous thread:

Because those functions are unsafe. Use strnlen and strlcpy.

seg fault still. i think it's in the realloc block, wtf

#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main()
{
    DIR *d;
    struct dirent *dir;

    size_t nfiles = 0, capacity = 8;
    char **filelist = malloc(sizeof(char *) * capacity);
    char *tmp;

    d = opendir("/home/nick/Pictures");
    if (d)
    {
        while ((dir = readdir(d)) != NULL)
        {
            if (nfiles == capacity)
            {
                capacity *= 2;
                filelist = realloc(filelist, sizeof(char *) * capacity);
            }

            if (dir->d_type == DT_REG)
            {
                tmp = dir->d_name;
                filelist[nfiles] = malloc(strlen(tmp) + 1);
                strcpy(filelist[nfiles], tmp);
                printf("%s\n", filelist[nfiles]);
                nfiles++;
            }
        }
        closedir(d);
    }

    for (size_t i = 0; i < nfiles; i++)
        printf("%s\n", filelist[nfiles]);

    //Free allocated memory
    for (size_t i = 0; i < nfiles; i++)
        free(filelist[i]);
    free(filelist);
    return 0;
}

>(dir = readdir(d))
linux.die.net/man/3/readdir

I'll never use any of these "safe" shitfuncs.
All they do is encourage you to sweep the string truncation bugs under the carpet, instead of fixing them.
Run towards bugs, not away from bugs.

Enjoy your buffer overflows.

This, a buffer overflow is more serious than a string truncation.

>Run towards bugs, not away from bugs.
This is what C "developers" actually believe!

USE GDB OR VALGRIND YOU FUCKING PLEB

A buffer overflow has a chance to be detected because there is testing, debugging, fuzzing. A string truncation stays undetected because it's under the carpet forever.

Thank you for the advice Rajesh

>for (size_t i = 0; i < nfiles; i++)
> printf("%s\n", filelist[nfiles]);

kek

>C programmer does not check if malloc or realloc fails.
Why am I not surprised.
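
The allocation checks raised in the comment above, applied to the file-list code posted earlier in the thread. This is an added example, not any poster's code; `namelist_push`, `namelist_free` and `collect_regular_files` are hypothetical names.

```c
#define _DEFAULT_SOURCE 1   /* d_type and DT_REG on glibc */
#include <dirent.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Added example; the namelist_* names are hypothetical, not from the thread. */
struct namelist { char **items; size_t len, cap; };

/* Append a copy of name. Returns 0, or -1 with the list unchanged and valid. */
int namelist_push(struct namelist *nl, const char *name)
{
    if (nl->len == nl->cap) {
        size_t ncap = nl->cap ? nl->cap * 2 : 8;
        if (ncap > SIZE_MAX / sizeof(char *))
            return -1;                  /* byte count would wrap */
        char **p = realloc(nl->items, ncap * sizeof(char *));
        if (p == NULL)
            return -1;                  /* nl->items still owns the old block */
        nl->items = p;
        nl->cap = ncap;
    }
    size_t n = strlen(name) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return -1;
    memcpy(copy, name, n);
    nl->items[nl->len++] = copy;
    return 0;
}

void namelist_free(struct namelist *nl)
{
    for (size_t i = 0; i < nl->len; i++)
        free(nl->items[i]);
    free(nl->items);
    *nl = (struct namelist){0};
}

/* Collect regular files in path. Returns 0, or -1 on open or alloc failure. */
int collect_regular_files(const char *path, struct namelist *nl)
{
    DIR *d = opendir(path);
    int rc = d ? 0 : -1;
    struct dirent *e;
    while (rc == 0 && (e = readdir(d)) != NULL)
        if (e->d_type == DT_REG)
            rc = namelist_push(nl, e->d_name);
    if (d) closedir(d);
    return rc;
}
```

Some filesystems report `DT_UNKNOWN` in `d_type`, in which case this filter, like the one in the thread, skips the entry; `stat()` is the fallback.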

haha

that's one smug akari

why does google search always put the duplicate stack overflow questions first

>unironically arguing that a string truncation is more serious than a buffer overflow
You obviously haven't the slightest idea what the grave consequences of the existence of a single buffer overflow are.

>A string truncation stays undetected because it's under the carpet forever.
What is data flow testing?

Why do we allow rookies like this guy to post opinionated comments?

Because they are more recent?

Buffer overflows are literally harmless, your program just segfaults and quits.

String truncations make you lose data.

Now fuck off.

>Buffer overflows are literally harmless
go back to r*eddit

smarter than my compiler

Somebody please tell me I just didn't read this...

In the future it will be true.

what do you mean?

But he's right user

Repost from:
I've got an AGPL-licensed server. It's a game server but I don't want to release the game's content - just the source code of the engine. Is it OK to license the server's code with AGPL, but make it so that the Lua scripts that will be used on my own server will not be public (if the server is still runnable without those scripts, just not with the same content)?

Thank you. I feel dumb but still segmentation fault. Don't bother helping anymore, I'm deleting c

I mean just admit you lost the argument already instead of using a reductio ad reddittum.

nationalcybersecurityinstitute.org/general-public-interests/understanding-the-dangers-of-buffer-overflow-attacks/

faculty.salina.k-state.edu/tim/CMST302/study_guide/topic5/buff_overflow.html

freebsd.org/doc/en/books/developers-handbook/secure-bufferov.html

>using a language invented before memory protection was a thing
>complaining about segmentation faults
You brought this upon yourself, user.

If you wrote the game server then yes. They're separate things and it's your software. You aren't bound by licenses for your software, only your customers are.

If you didn't write the game server and only wrote the scripts then no.

i'm not the same person, newfriend

>deleting c

Right. Well, obviously I am the author of the server. I want people to be able to mod the server and make their own content, but not use the same content I use. Cheers.

source on the porn

What kind of moron doesn't know how to catch stack overflow bugs in C in 2017?

these bugs can be silent.

In exceptional circumstances yes.
There's worse bugs to worry about though. Especially with security conscious applications.

I've lost my fucking motivation
I can't work on anything
How can I change this?

time to use Rust

Take a long walk. Go dancing. Work on something practical.

>In exceptional circumstances yes.
not so exceptional, exploits using buffer overflow are reported every day.

>exploits using buffer overflow are reported every day.
They're morons. Most likely.
Sanitizing input is trivial.

>trusting documentation from fucking Microsoft
Nigga, if you ever unironically use strlen, then you are asking for buffer overflow vulnerabilities in your software. 'Nuff said.

Which is why they're writing software while you post about it on an online Mongolian throat-singing imageboard I suppose?

>Which is why they're writing software while you post about it on an online Mongolian throat-singing imageboard I suppose?
I write software professionally too.
Why would you assume I don't?

>'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''professionally'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Because you're not a professional if you trivialize buffer overflows like that.

>Why would you assume I don't?
because you are on Sup Forums, on a weekday, at 1:30 pm

>Sanitizing input is trivial.
Umm... no it isn't, user. And if you really think it is, remind me to never hire you.

Only if you use it on untrusted data, in which case you use strnlen. I have never seen anyone say that strnlen is a replacement for strlen.
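
One way to get neither outcome argued over above: a bounded copy that reads the untrusted source with `strnlen` and reports truncation to the caller instead of hiding it. This is an added example, not any poster's code; `copy_bounded` and its status names are hypothetical.

```c
#define _DEFAULT_SOURCE 1   /* strnlen on glibc */
#include <stddef.h>
#include <string.h>

/* Added example; copy_bounded and the COPY_* names are hypothetical. */
enum copy_status { COPY_OK = 0, COPY_TRUNCATED, COPY_UNTERMINATED, COPY_BAD_ARGS };

/* Copy src into dst[dstsz]. src is untrusted: at most srcmax bytes are
 * examined, so a missing NUL cannot cause a read past the source buffer.
 * dst is NUL-terminated on every return except COPY_BAD_ARGS. */
enum copy_status copy_bounded(char *dst, size_t dstsz,
                              const char *src, size_t srcmax)
{
    if (dst == NULL || src == NULL || dstsz == 0)
        return COPY_BAD_ARGS;

    size_t len = strnlen(src, srcmax);
    if (len == srcmax) {            /* no terminator inside the source buffer */
        dst[0] = '\0';
        return COPY_UNTERMINATED;
    }
    if (len >= dstsz) {             /* does not fit: keep a prefix, report it */
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return COPY_TRUNCATED;
    }
    memcpy(dst, src, len + 1);      /* fits, terminator included */
    return COPY_OK;
}
```

A caller that treats `COPY_TRUNCATED` as an error gets a visible failure without the out-of-bounds write.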

>> because you are on Sup Forums, on a weekday, at 1:30 pm
> everyone lives in my timezone and there are no other timezones

>at 1:30 pm
Yeah the sun's position relative to the earth is 1:30pm now. Huh, didn't notice. I suppose that's ample reason to assume. But no I'm not.
>Umm... no it isn't, user.
Your input is a format you define or a format you inherit. If you inherit it you just take another gander at the way you parse this information and look for flaws. If you make it yourself you can make it very restrained without issue and give errors for anything that doesn't conform to your spec. It's absolutely trivial.
I don't quite comprehend how someone could think it's not unless they're working in an environment where they don't know the input data they will take and will always have to do best effort attempts. OR if you've never written any input handling code before. The path is clear.
It's fucking solved.

MSDN docs are widely considered to be among the best

Yes it's also known for its errors in specification of the win32 api and having to discover them the hard way.

Except for the strange types they put everywhere.

MSDN docs are terrible. That probably says something about how bad the rest is.

These are the books I'm powering through right now and I'm looking for next ones to buy cause I'm making good progress. I'm curious about OP pic, should I read that front to back too?

>learning python
>that brick
Why? Do they really teach you that much? I thought python was a neat small scripting language. Everything I've seen about it indicates it's not that big.

>Yes it's also known for its errors in specification of the win32 api and having to discover them the hard way.
Examples? I've always used MSDN for WinAPI docs and I've never encountered any sort of errors.

they are great and praised by most

MSDN docs are pretty good. I don't know about "widely considered the best", but compared to other companies, I've consistently got the info I needed in MSDN.

you'd be surprised

>go to page for API call
>function definition
>detailed list of what arguments it takes and what their functions are
>code examples
>any further notes for any specific quirks of the function
I'm not seeing the "terrible" part of it here.

>you'd be surprised
Give me some of the advanced topics then?

They really aren't. What's troublesome is finding what you need. They've been working on this but it's still not great. Once you find the functions/systems/whatever you need they're very neat and organized.

this, the best way to use MSDN is to use an external search engine to search the site, just putting a general description of what you're trying to do into google or whatever will generally bring up the relevant MSDN pages in the first few results

>20 line app to do simple shit
>pointers to pointers all over the place
>can't figure out what's wrong

use C++, brainlet

Who can we petition to make the code window wider?

Or at least flexible/enlargeable.

How about you petition yourself to fix your stylesheets?

Stupid fuck. It's literally one simple modification.

What did he mean by this?

I don't speak autistic webshit.

?

I'm not even a webdev, this is basic bitch shit.

Kill yourself, brainlet.

don't care about portability and only make programs for x64 linux mint

>code window

Like here

the C++ version would be the same but the line length would be changed to line width

We should still make it better for everyone.

Why is that window not flexible??

see
override the prettyprint style

>using windows

kek

?

are you retarded?

>the C++ version would be the same

not even close, especially if you use boost

¯\_(ツ)_/¯

Make these modifications default ffs.

Do it, faggots.

Do it yourself.

Why do you want Sup Forums to be shit?

if Sup Forums becomes good, this place will be infested with normies

>it works for the width but I wish it worked for the height also but I guess that's impossible
idk man just like stop being retarded yourself first

Why do you want Sup Forums to only be infested by webshits who don't know programming?

Creating simple barriers to usability helps to promote a more knowledgeable userbase.

Sup Forums fucked up real bad when they started implementing Sup Forums X features into the actual website. Made it too accessible.

>more knowledgeable userbase.
>webshit
>useful knowledge

kys

>complains about the program being too big just to do something simple
>"use boost"
Thanks for the laugh, mate.

>who don't know programming

speak for yourself. the anons who program good are only here when it is around 10 pm in Europe

This syntax is valid in C
int x;
(((x)))=1;

>webshits
>webshit

This has nothing to do with whether or not you're a web developer. This is basic problem solving that anyone who belongs on a technology board should be able to trivially fix.

You're welcome to keep spouting off nonsense, but you've got a solution to your problem, so fuck off.

Bullshit, there's always 10pm somewhere.

so?

>This has nothing to do with whether or not you're a web developer.
Believe it or not, only webshits care about this kind of stuff. No offense to webshits.

It's valid in a bunch of other (((language))) too

>mistaking memory protection with memory management

int Drumpf;
(((Drumpf)))=0;


back to Sup Forums