944,123 Members | Top Members by Rank

Software Development > C++ > Is C++ unsafe? What'wrong of this codeblock?
Ad:
  • C++ Discussion Thread
  • Marked Solved
  • Views: 2458
  • C++ RSS
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Jun 11th, 2007
0

Is C++ unsafe? What'wrong of this codeblock?

Expand Post »
Hi,sir.I encounterred a person who said that C++ is an unsafe language.I try the follow code ,but when I input an non-int type,the program will fall in a bad loop.(gcc4.1 in Linux)

C++ Syntax (Toggle Plain Text)
  1. #include <iostream>
  2. #include <string>
  3.  
  4. using namespace std;
  5. class bot
  6. {
  7. private:
  8.     int password;
  9. public:
  10.     bot():password(567){}
  11.     virtual ~bot(){};
  12.     bool checkpwd(const int pwd)
  13.       {return (password == pwd);}
  14. };
  15.  
  16. int s;
  17. bot b;
  18.  
  19. int main()
  20. {
  21.     for(;;)
  22.      {
  23.        cout<<"Enter password:";
  24.        cin>>s;
  25.  
  26.        if(b.checkpwd(s))
  27.          {
  28.             cout<<"Access permitted"<<endl<<endl;
  29.             break;
  30.           }
  31.          else
  32.              cout<<"Access denied"<<endl<<endl;
  33.         }
  34. return 0;
  35. }

I wanner whether the type int is unsafe or the C++'s object in unsafe? If I use string type to define the password,there won't be this error.And I know that this code is not a good C++ program,for testing this problem,so I do it.
Help me,please^_^
Thank you very much!
Similar Threads
Reputation Points: 10
Solved Threads: 0
Light Poster
meiyantao is offline Offline
31 posts
since May 2007
Permalink
Jun 11th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

>I encounterred a person who said that C++ is an unsafe language.
It is and it isn't. C++ doesn't do much to protect you from doing something wrong, so in that light it's an unsafe language. However, if you do things right, it's perfectly safe. I'd say that person was wrong for making such an absolute and general statement, but a lot of absolute and general statements have some ring of truth.

>but when I input an non-int type,the program will fall in a bad loop.
That's because the code isn't written to handle unexpected input. In this case, cin expects a valid integer. If you don't give it a valid integer, it goes into an error state and won't let you read any more input until the errors are corrected and the error state is cleared. This isn't a case of C++ being unsafe, it's a case of the author not knowing how to properly handle I/O in C++. Try this:
C++ Syntax (Toggle Plain Text)
  1. #include <iostream>
  2. #include <string>
  3. #include <ios>    // for streamsize
  4. #include <limits> // for numeric_limits
  5.  
  6. using namespace std;
  7. class bot
  8. {
  9. private:
  10.   int password;
  11. public:
  12.   bot():password(567){}
  13.   virtual ~bot(){};
  14.   bool checkpwd(const int pwd)
  15.   {return (password == pwd);}
  16. };
  17.  
  18. int s;
  19. bot b;
  20.  
  21. int main()
  22. {
  23.   for(;;)
  24.   {
  25.     cout<<"Enter password: ";
  26.  
  27.     if ( cin>>s ) {
  28.  
  29.       if(b.checkpwd(s))
  30.       {
  31.         cout<<"Access permitted"<<endl<<endl;
  32.         break;
  33.       }
  34.       else
  35.         cout<<"Access denied"<<endl<<endl;
  36.     }
  37.     else if ( !cin.eof() ) {
  38.       // Notify the user
  39.       cerr<<"Invalid password\n";
  40.  
  41.       // Clear the error state
  42.       cin.clear();
  43.  
  44.       // Remove the bad input
  45.       cin.ignore ( numeric_limits<streamsize>::max(), '\n' );
  46.     }
  47.     else {
  48.       // The user entered EOF; assume he wants to exit
  49.       break;
  50.     }
  51.   }
  52.   return 0;
  53. }
Administrator
Reputation Points: 6442
Solved Threads: 1393
Bad Cop
Narue is offline Offline
11,807 posts
since Sep 2004
Permalink
Jun 11th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

Thank you very much!
Reputation Points: 10
Solved Threads: 0
Light Poster
meiyantao is offline Offline
31 posts
since May 2007
Permalink
Jun 11th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

If your password actually needs to be an integer, which I doubt it needs to be, you be would better taking the input as a string and then converting it to an integer, after parsing out the crap.
Featured Poster
Reputation Points: 1536
Solved Threads: 431
Posting Expert
iamthwee is offline Offline
5,865 posts
since Aug 2005
Permalink
Jun 12th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

Click to Expand / Collapse  Quote originally posted by iamthwee ...
If your password actually needs to be an integer, which I doubt it needs to be, you be would better taking the input as a string and then converting it to an integer, after parsing out the crap.
Ah,this thread is not about how to design the password,but how about the C++ 's safty. C and C++ can not prevent the memory from overflowing,so I want to know how to defend it by myself.

At first that code is like this:
C++ Syntax (Toggle Plain Text)
  1. #include <iostream>
  2. #include <string.h>
  3. using namespace std;
  4. class bot
  5. {
  6. private:
  7. char password[8];
  8. public:
  9. bot(){strcpy(password, "abc");};
  10. virtual ~bot(){};
  11. bool checkpwd(const char *pwd){return (!strcmp(password, pwd));};
  12. };
  13. char s[8];
  14. bot b;
  15. int main()
  16. {
  17.   for(;;)
  18.   {
  19.     cout << "Enter password: ";
  20.     cin >> s;
  21.     if (b.checkpwd(s))
  22.     {
  23.       cout << "Access permitted.\n\n";
  24.       break;
  25.     }
  26.     else
  27.       cout << "Access denied.\n\n";
  28.   }
  29.   return 0;
  30. }

Ah,the author may not know well about C++ .
In that code,the problem is not about the type safe,but a memory buffer overflowing.If you input over twenty charactors,the password will be modified by after the 12th charactors.

Do you have any good idears to prevent it?help me please!
Thank you!
Reputation Points: 10
Solved Threads: 0
Light Poster
meiyantao is offline Offline
31 posts
since May 2007
Permalink
Jun 12th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

> Do you have any good idears to prevent it?help me please!
Yes, you use fgets() in C, and getline() in C++
Both of which allow you to specify the maximum length of input.

> C and C++ can not prevent the memory from overflowing
Only if you use the poorer archaic API calls which are inhertited from history.

Once again, read EVERYTHING as a string using one of the API calls which specifies a length. Once you have the string in memory, with a known length, then you can make the right choices as to what to do with it.
Team Colleague
Reputation Points: 5862
Solved Threads: 950
Posting Sage
Salem is offline Offline
7,164 posts
since Dec 2005
Permalink
Jun 12th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

C++ Syntax (Toggle Plain Text)
  1.  bot():password(567){}
Can anyone tell me what this particular line does...
I am totally baffled!!
Reputation Points: 15
Solved Threads: 11
Junior Poster
bala24 is offline Offline
125 posts
since Oct 2006
Permalink
Jun 12th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

>Do you have any good idears to prevent it?
Yes, if you have code that looks like cin>> s where s is an array, it's wrong. As you've seen, that doesn't protect against a buffer overflow. You can fix it by setting a maximum field width if you really have to use the >> operator:
C++ Syntax (Toggle Plain Text)
  1. #include <iostream>
  2. #include <iomanip>
  3.  
  4. int main()
  5. {
  6.   char buffer[5];
  7.  
  8.   std::cin>> std::setw ( 5 ) >> buffer;
  9.   std::cout<< buffer;
  10. }
But for reading strings, the getline method is often a much better choice:
C++ Syntax (Toggle Plain Text)
  1. #include <iostream>
  2.  
  3. int main()
  4. {
  5.   char buffer[5];
  6.  
  7.   std::cin.getline ( buffer, sizeof buffer );
  8.   std::cout<< buffer;
  9. }
>Can anyone tell me what this particular line does...
It's an initialization list for the class constructor. You can get the same effect (in this case) with this code:
C++ Syntax (Toggle Plain Text)
  1. bot()
  2. {
  3.   password = 567;
  4. }
Administrator
Reputation Points: 6442
Solved Threads: 1393
Bad Cop
Narue is offline Offline
11,807 posts
since Sep 2004
Permalink
Jun 13th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

Click to Expand / Collapse  Quote originally posted by bala24 ...
C++ Syntax (Toggle Plain Text)
  1.  bot():password(567){}
Can anyone tell me what this particular line does...
I am totally baffled!!
This is a initialization member list which is always in the constructor to initialize the class' data member when it is declaring. There's some different from initializing it in the constructor. The latter you do will initialize the data member after all the data members have been delared.
Ah,I am sorry of that my English is so poor that I can't use it to make you understand . You have to look at "C++ Primer" to study it.

Sorry
Reputation Points: 10
Solved Threads: 0
Light Poster
meiyantao is offline Offline
31 posts
since May 2007
Permalink
Jun 13th, 2007
0

Re: Is C++ unsafe? What'wrong of this codeblock?

Thanks meiyanto for trying your best to explain that to me but seriously, it all went over my head thanks to your outrageous vocab...

Bt thanks anyways..

>It's an initialization list for the class constructor.

I believe this one was new to me..

Where would i be if not for the Daniweb experts ??
Thanks again..
Reputation Points: 15
Solved Threads: 11
Junior Poster
bala24 is offline Offline
125 posts
since Oct 2006

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in C++ Forum Timeline: How do I put my output in colums of 4?
Next Thread in C++ Forum Timeline: Simple solution to database





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC