This is C.

1. My question is how would I read in an integer securely from stdin.

I saw the following snippets:
http://www.daniweb.com/code/snippet441.html
http://www.daniweb.com/code/snippet597.html

Would those functions protect from integer overflows/underflows AND format string attacks?


2. What about strings?
Does a simple use of fgets protect from buffer overflows AND format string attacks?

All 2 Replies

> Would those functions protect from integer overflows/underflows

yes -- did you read those links you posted?

> AND format string attacks?

:?: are we playing Pac-Man game here?

> 2. What about strings?
> Does a simple use of fgets protect from buffer overflows AND format string attacks?

buffer overflows -- yes. Again, I don't know what a "string attack" is.

> Does a simple use of fgets protect from buffer overflows
Only so long as you're honest about the size of your buffer.

char buff[10];
fgets( buff, 100, stdin );

Isn't any better than gets()
OK, it's limited damage compared to gets(), but it's still a hell of a lot worse than no damage at all.

> AND format string attacks?
fgets() doesn't use format strings, so it's not an issue.
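
As an added example (not code from either poster or from the linked snippets), here is one way to read an int from stdin along the lines discussed above: fgets() with sizeof for the buffer, strtol() with range checks, and a fixed printf() format. The function names, status codes and the 64-byte buffer are assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
enum { RI_OK = 0, RI_EOF, RI_TOO_LONG, RI_NOT_NUMBER, RI_OUT_OF_RANGE };

/* Convert one line of text to int (hypothetical helper for this example). */
int parse_int(const char *line, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(line, &end, 10);
    if (end == line)
        return RI_NOT_NUMBER;              /* no digits at all */
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;                             /* only whitespace may follow */
    if (*end != '\0')
        return RI_NOT_NUMBER;              /* trailing junk such as "12abc" */
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return RI_OUT_OF_RANGE;            /* overflow/underflow is caught here */
    *out = (int)v;
    return RI_OK;
}

/* Read one line from fp into a buffer whose real size is passed to fgets(). */
int read_int(FILE *fp, int *out)
{
    char buf[64];
    int c;
    if (fgets(buf, sizeof buf, fp) == NULL) /* sizeof buf, never a guessed size */
        return RI_EOF;
    if (strchr(buf, '\n') == NULL && !feof(fp)) {
        while ((c = fgetc(fp)) != '\n' && c != EOF)
            ;                              /* line did not fit: discard the rest */
        return RI_TOO_LONG;
    }
    return parse_int(buf, out);
}

int main(void)
{
    int n, rc = read_int(stdin, &n);
    if (rc == RI_OK)
        printf("%d\n", n);                 /* fixed format; input is only an argument */
    else
        fprintf(stderr, "input rejected (code %d)\n", rc);
    return rc;
}
```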
