Loop ending condition is not working - C - c

I have a homework regarding dynamic arrays, therefore I was trying to understand how it works with simple programs.
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main()
{
int cnt,i=0;
char temp[1001];
char *obj[5];
scanf("%d",cnt);
while(i<cnt){
scanf("%s",temp);
obj[i]=malloc(sizeof(char)*(strlen(temp)+1));
obj[i]=temp;
printf("%s\n",obj[i]);
printf("%d\n",i);
i++;
}
return 0;
}
When i get the "cnt" to be equal to 5, by reading from stdin, the program is running forever, though ending condition meets. But when i get the "cnt" to be equal to 5, by assigning it, at the very beginning of the program (not by using scanf) the program works just fine.
What might be the reason for this?

This:
scanf("%d",cnt);
should be:
/* Always check return value of scanf(),
which returns the number of assignments made,
to ensure the variables have been assigned a value. */
if (scanf("%d",&cnt) == 1)
{
}
as scanf() requires the address of cnt.
Also:
Don't cast result of malloc().
sizeof(char) is guaranteed to be 1 so can be omitted from the space calculation in malloc().
Check result of malloc() to ensure memory was allocated.
free() whatever was malloc()d.
Prevent buffer overrun with scanf("%s") by specifying the maximum number of characters to read, which must be one less than the target buffer to allow a space for the terminating null character. In your case scanf("%1000s", temp).
There is no protection for out of bounds access on the array obj. The while loop's terminating condition is i<cnt but if cnt > 5 the an out of bounds access will occur, causing undefined behaviour.
This assigns the address of temp to obj[i]:
obj[i]=temp;
it does not copy (and causes a memory leak). Use strcpy() instead:
obj[i] = malloc(strlen(temp) +1 );
if (obj[i])
{
strcpy(obj[i], temp);
}

you should use this
scanf("%d",&cnt);
BTW:
scanf("%s",temp);
is used in a while loop to read your strings. you have to add space at the beginning of the format specifier to avoid the newline problems. it should be " %s"

Undefined behavior. You need to pass the address of the variable to scanf():
scanf("%d", &cnt);
But you better not use scanf() anyway. fgets() is simpler and safer to use.

Related

Sigabrt error in c programing

plz help me to remove SIBABRT error for the following code,plz suggest me why this error occurs even after getting correct output
#include<stdio.h>
#include<string.h>
int main()
{
char x[25],y[25];
int i,j=0;
scanf("%s",x);
for(i=0;i<strlen(x);i++)
{
if(x[i]>=97 && x[i]<=122)
{
y[j]=x[i]-32;
j++;
}
else if(x[i]>=65 && x[i]<=90)
{
y[j]=x[i]+32;
j++;
}
}
printf("%s",y);}
Think of the difference between the source and the destination array, something is missing in the destination. The null-terminator.
Note: Both the arrays are local variable with automatic storage and unless initialized explicitly, their content is indeterminate.
Without a null-terminator in place, printf() will go out of bound for the supplied array while printing with %s which invokes undefined behavior.
The easiest way to handle this is zero-initilize the arrays, like
char x[25] = {0} ,y[25] = {0};
which makes all the elements of the arrays set to 0, and the same value being used as null-terminator, you are not required to add one manually to the destination array.
Also, FWIW,
You should length-limit the input to prevent buffer overflow from longer than expected input, using something along the line scanf("%24s",x);
better to use fgets() to take the user input. If, iff, you have to use scanf(),you can use it but please use proper error checking.
If the input is less than 25 characters, then the string will be null terminated. If the size exceeds the array size specified then it overwrites the memory not belonging to the array.
So fgets() is the alternative for scanf() in such case.

Bus error caused while reading in a string

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
int main() {
char *input = (char *)malloc(sizeof(char));
input = "\0";
while (1){
scanf("%s\n", input);
if (strcmp(input, "0 0 0") == 0) break;
printf("%s\n",input);
}
}
I'm trying to read in a string of integers until "0 0 0" is entered in.
The program spits out bus error as soon as it executes the scanf line, and I have no clue how to fix it.
Below is the error log.
[1] 59443 bus error
You set input to point to the first element of a string literal (while leaking the recently allocated buffer):
input = "\0"; // now the malloc'd buffer is lost
Then you try to modify said literal:
scanf("%s\n", input);
That is undefined behaviour. You can't write to that location. You can fix that problem by removing the first line, input = "\0";.
Next, note that you're only allocating space for one character:
char *input = (char *)malloc(sizeof(char));
Once you fix the memory leak and the undefined behaviour, you can think about allocating more space. How much space you need is for you to say, but you need enough to contain the longest string you want to read in plus an extra character for the null terminator. For example,
char *input = malloc(257);
would allow you to read in strings up to 256 characters long.
The immediate problem, (thanks to another answer) is that you're initializing input wrong, by pointing it at read-only data, then later trying to write to it via scanf. (Yes, even the lowly literal "" is a pointer to a memory area where the empty string is stored.)
The next problem is semantic: there's no point in trying to initialize it when scanf() will soon overwrite whatever you put there. But if you wanted to, a valid way is input[0] = '\0', which would be appropriate for, say, a loop using strcat().
And finally, waiting in the wings to bite you is a deeper issue: You need to understand malloc() and sizeof() better. You're only allocating enough space for one character, then overrunning the 1-char buffer with a string of arbitrary length (up to the maximum that your terminal will allow on a line.)
A rough cut would be to allocate far more, say 256 chars, than you'll ever need, but scanf is an awful function for this reason -- makes buffer overruns painfully easy especially for novices. I'll leave it to others to suggest alternatives.
Interestingly, the type of crash can indicate something about what you did wrong. A Bus error often relates to modifying read-only memory (which is still a mapped page), such as you're trying to do, but a Segmentation Violation often indicates overrunning a buffer of a writable memory range, by hitting an unmapped page.
input = "\0";
is wrong.
'input' is pointer, not memory.
"\0" is string, not char.
You assigning pointer to a new value which points to a segment of memory which holds constants because "\0" is constant string literal.
Now when you are trying to modify this constant memory, you are getting bus error which is expected.
In your case i assume you wanted to initialize 'input' with empty string.
Use
input[0]='\0';
note single quotes around 0.
Next problem is malloc:
char *input = (char *)malloc(sizeof(char));
you are allocating memory for 1 character only.
When user will enter "0 0 0" which is 5 characters + zero you will get buffer overflow and will probably corrupt some innocent variable.
Allocate enough memory upfront to store all user input. Usual values are 256, 8192 bytes it doesn't matter.
Then,
scanf("%s\n", input);
may still overrun the buffer if user enters alot of text. Use fgets(buf, limit(like 8192), stdin), that would be safer.

Using getchar() and malloc() together

I found a C Program whose purpose is to input a string while using dynamic memory allocation.
However I am having difficulty understanding the logic behind it.
#include <stdio.h>
#include <stdlib.h>
#define MAX 10
int main(void)
{
char *A;
int max_int=0;
printf("Enter max string length: ");
scanf("%d",&max_int);
while ((getchar())!='\n');
A=(char *)malloc(max_int+1); //room for null char
printf("Enter string: ");
fgets(A,max_int,stdin);
}
What is the purpose of while ((getchar())!='\n'); ? It seems redundant to me, since your only inputing a number before it gets called.
while ((getchar())!='\n');
The above line is used to flush anything on the line not read by scanf, for example non-digits and spaces, so the next input starts in a new line.
Also:
scanf-call should check the number of assigned matches (0 matches is possible.
the result of malloc should never be cast (that just hides bugs).
the result of malloc should be checked for NULL. (Warning: Undefined Behavior)
fgets expects the buffer length and guarantees 0-termination. Passing one less means you get a shorter string.

Can't find where is the segmentation fault in C program

#include<stdio.h>
#include<string.h>
int main()
{
char a[1000000];
int i,j;
int arr[1000000];
gets(a);
unsigned long int len=strlen(a);
if(len<1000000){
for(i=0,j=len-1;i<len&&j>=0;i++,j--)
arr[j]=a[i]-'0';
}
return 0;
}
I am using this code to store the number entered through keyboard into an integer array.But it keeps giving me segmentation fault.I don't know where it is.Plus I've heard gets() isn't a good option,
But I don't know how to use the alternative way to do it. It seems to be a fairly simple code.
Can anyone point where memory is leaking and why?
I have used the debugger on Code::Blocks,the call stack is empty.
The alternative to gets it's fgets:
fgets(a, sizeof(a), stdin);
You have placed two very large arrays on the stack. It's unlikely that your process was launched with a large enough stack (over 5MB). The arrays a and arr should be dynamically allocated using malloc() or calloc() and freed later using free().
Define your array a as follows:
char a[ 1000000 ] = { 0 };
The convention in C for strings is to have a NULL terminator. This ensures two things:
a does not take on values from a previous stack frame.
a has a NULL terminator at the end.
Remark:
Having an array of length 1 million will exhaust your call stack quite quickly.
Consider using a dynamic array to be more space efficient. You would need to read one byte at a time from stdin until EOF or new line is sent, implemented as follows:
for ( int byte = getchar(); byte != EOF && byte != '\n'; byte = getchar() ) {
dynarray_Add( dynArray, byte );
}
... where dynArray_Add would be some function that adds a character to your array of characters and performs the appropriately doubling when the length has reached the capacity.
If you are unfamiliar with a dynamic array, read more here.
There are a number of issues with your code. The most obvious is that you're allocating a huge amount of memory on the stack, which is a bad idea even if it isn't causing a problem in itself. You're also using an old, unsafe function (gets) and you're not doing appropriate error checking.
fgets is almost a drop-in replacement for gets, and it has better safety. Simply call it with fgets( a, 1000000, stdin ), and it will never overrun the size of your buffer. Check the return value against NULL and you won't have uninitialised memory issues. Use malloc to get memory and you won't have stack size issues (don't forget to free!). Finally, don't use ints for your loop when the length is stored as an unsigned long! In this case the size of the buffer means it can't be an infinite loop but it's still bad style (also I think you want size_t not unsigned long - They just happen to be the same on your system).

Null termination of char array

Consider following case:
#include<stdio.h>
int main()
{
char A[5];
scanf("%s",A);
printf("%s",A);
}
My question is if char A[5] contains only two characters. Say "ab", then A[0]='a', A[1]='b' and A[2]='\0'.
But if the input is say, "abcde" then where is '\0' in that case. Will A[5] contain '\0'?
If yes, why?
sizeof(A) will always return 5 as answer. Then when the array is full, is there an extra byte reserved for '\0' which sizeof() doesn't count?
If you type more than four characters then the extra characters and the null terminator will be written outside the end of the array, overwriting memory not belonging to the array. This is a buffer overflow.
C does not prevent you from clobbering memory you don't own. This results in undefined behavior. Your program could do anything—it could crash, it could silently trash other variables and cause confusing behavior, it could be harmless, or anything else. Notice that there's no guarantee that your program will either work reliably or crash reliably. You can't even depend on it crashing immediately.
This is a great example of why scanf("%s") is dangerous and should never be used. It doesn't know about the size of your array which means there is no way to use it safely. Instead, avoid scanf and use something safer, like fgets():
fgets() reads in at most one less than size characters from stream and stores them into the buffer pointed to by s. Reading stops after an EOF or a newline. If a newline is read, it is stored into the buffer. A terminating null byte ('\0') is stored after the last character in the buffer.
Example:
if (fgets(A, sizeof A, stdin) == NULL) {
/* error reading input */
}
Annoyingly, fgets() will leave a trailing newline character ('\n') at the end of the array. So you may also want code to remove it.
size_t length = strlen(A);
if (A[length - 1] == '\n') {
A[length - 1] = '\0';
}
Ugh. A simple (but broken) scanf("%s") has turned into a 7 line monstrosity. And that's the second lesson of the day: C is not good at I/O and string handling. It can be done, and it can be done safely, but C will kick and scream the whole time.
As already pointed out - you have to define/allocate an array of length N + 1 in order to store N chars correctly. It is possible to limit the amount of characters read by scanf. In your example it would be:
scanf("%4s", A);
in order to read max. 4 chars from stdin.
character arrays in c are merely pointers to blocks of memory. If you tell the compiler to reserve 5 bytes for characters, it does. If you try to put more then 5 bytes in there, it will just overwrite the memory past the 5 bytes you reserved.
That is why c can have serious security implementations. You have to know that you are only going to write 4 characters + a \0. C will let you overwrite memory until the program crashes.
Please don't think of char foo[5] as a string. Think of it as a spot to put 5 bytes. You can store 5 characters in there without a null, but you have to remember you need to do a memcpy(otherCharArray, foo, 5) and not use strcpy. You also have to know that the otherCharArray has enough space for those 5 bytes.
You'll end up with undefined behaviour.
As you say, the size of A will always be 5, so if you read 5 or more chars, scanf will try to write to a memory, that it's not supposed to modify.
And no, there's no reserved space/char for the \0 symbol.
Any string greater than 4 characters in length will cause scanf to write beyond the bounds of the array. The resulting behavior is undefined and, if you're lucky, will cause your program to crash.
If you're wondering why scanf doesn't stop writing strings that are too long to be stored in the array A, it's because there's no way for scanf to know sizeof(A) is 5. When you pass an array as the parameter to a C function, the array decays to a pointer pointing to the first element in the array. So, there's no way to query the size of the array within the function.
In order to limit the number of characters read into the array use
scanf("%4s", A);
There isn't a character that is reserved, so you must be careful not to fill the entire array to the point it can't be null terminated. Char functions rely on the null terminator, and you will get disastrous results from them if you find yourself in the situation you describe.
Much C code that you'll see will use the 'n' derivatives of functions such as strncpy. From that man page you can read:
The strcpy() and strncpy() functions return s1. The stpcpy() and
stpncpy() functions return a
pointer to the terminating `\0' character of s1. If stpncpy() does not terminate s1 with a NUL
character, it instead returns a pointer to s1[n] (which does not necessarily refer to a valid mem-
ory location.)
strlen also relies on the null character to determine the length of a character buffer. If and when you're missing that character, you will get incorrect results.
the null character is used for the termination of array. it is at the end of the array and shows that the array is end at that point. the array automatically make last character as null character so that the compiler can easily understand that the array is ended.
\0 is an terminator operator which terminates itself when array is full
if array is not full then \0 will be at the end of the array
when you enter a string it will read from the end of the array

Resources