[taylorc8]

I'm trying to get a double value from console and having problems with a buffer overflow.

double value=0.0;
cin >> value;	// this is exploitable code

what way should something like this be written? It's pretty important if anyone is to do anything at all that asks a user for input.

This post has been edited by taylorc8: 07 October 2009 - 06:30 PM

[NickDMax]

Don't ask cin to parse the integer. Get the data as a string and then parse from there. cin.getline(str, size) lets you limit what is taken in all at once. Another way you can limit what cin tries to read is using the manipulator setw().

Though to be honest cin should not be throwing a buffer overflow for parsing a double...

[NickDMax]

I ran a number of tests and I can't get a buffer overrun on cin >> dbl. If you are having touble with this I would say that there is a 90% chance that the error is in your code and not the standard library.

[taylorc8]

I would like to post a file, watch what happens when you input a large value, i really would like to know why this is, perhaps i have missed something important on the way..

i compiled this in visual studio 2008, it would help if someone would compile this and tell me why bad things happen when you type a string instead of a number at the cin >> select
how to fix that would be nice too, of course you could use something like
atoi() to convert a string to an int for that, but how do i convert a string to a double? is it the atol() one? atof() will work for float

[KYA]

What line is throwing the buffer overflow? Also, how is your.rec (I assume a text file with another extension?) formatted?

Also, you're using goto--YUCK.

This post has been edited by KYA: 07 October 2009 - 07:42 PM

[taylorc8]

KYA, on 7 Oct, 2009 - 06:42 PM, said:

What line is throwing the buffer overflow? Also, how is your.rec (I assume a text file with another extension?) formatted?

Also, you're using goto--YUCK.

if you add some values it will make .rec (txt file) formatted as

entry1
entry2
entry3

it works fine for me as long as you don't put something weird into the select at the

cin >> select;

that part right there throws it into infinite loop and i haven't been able to handle that error correctly yet, i assume something is up with using cin >> for storing a value in that int
it seems like the compiler is working against me on this

[KYA]

That's not a buffer overflow that's a fault the cin has. A solution has already been provided, read a string and parse it.

Another option is to use an istream check

A buffer overflow is intentionally overflowing the buffer to gain access to the system; generally to run malicious code.

[taylorc8]

thank you for that clarification, what ways of parsing strings do we have available to us that are standard?

I'm thinking of switching to C# fairly soon, any thoughts on this?

[KYA]

atof()

Example:

int main(){
	string str;
	double value;
	cout << "Enter a number please: ";
	getline(cin, str);
	value = atof(str.c_str());
	cout << "Value parsed: " << value << endl;
	return 0;
}

As for the language switch, it doesn't matter. There are more built in parsing things in C# (just like in Java). It is ultimately irrelevant though, all languages are merely tools of which to solve problems.

[taylorc8]

Thank you greatly for your help with this!