I am writing a fuzzer that using the system() function and I need to copy:
char a[1100]; /* full of A's with null ending */
into:
char tmp[10000];
I used:
sprintf(tmp, "%s", a);
When I printf tmp there is nothing printed. What am I doing wrong?
There's no way to say what you are doing wrong without seeing the whole thing.
The above sprintf should work, although strcpy would make more sense for that purpose. I'd guess that sprintf works fine. Could be that your a array is not "full of A's" as you believe, but rather an empty string (full of zeros). Or maybe it is your printing that either doesn't work or it works but you don't see the output for some reason.
My bet would be that your a is an empty string. No A's there. Where and how do you put those A's into the a array?
Output is often line-buffered. If the string you're printing has no newline, you might not see it without calling fflush first (also see http://c-faq.com/stdio/fflush.html). But as AndreyT said, we can't tell without seeing the rest of your code.
Related
I have some some C code that I'm trying to understand which uses the function __isoc99_scanf(). I haven't encountered that function ever before. I looked it up and it turns out that it is some kind of variation of scanf(). This is the code:
__isoc99_scanf(&DAT_00400d18,local_78,(undefined4 *)((long)puVar3 + 4));
&DAT_00400d18 is a C string containing the value "%s". local_78 is an array of unknown data type. puVar3 is a pointer that points to the last element of that array.
What really confuses me is why does that function call have three parameters? I know that scanf() takes two parameters: the first one is the format string. The second one is the memory address to save the date into. However __isoc99_scanf() here is invoked with three parameters. I cannot understand why the third parameter is there. The first parameter &DAT_00400d18 is just "%s", which suggests that the second parameter be a memory location where to save that string. But why do you need the third parameter when it's not even specified in the format string?
This is not my code, I didn't write it. Actually it is a disassembled version of the assembly code for a particular application that I'm trying to debug. But I've never seen __isoc99_scanf() before because I only used scanf() in my own code.
When you compile scanf, the compiler automatically translates it to the __isoc99_scanf function in libc. If you compile this code:
#include <stdio.h>
int main() {
char buf[32];
scanf("%32s", buf);
return 0;
}
and decompile in GHIDRA, you get:
__isoc99_scanf(&DAT_001007b4,local_38);
where DAT_001007b4 is "%32s" and local_38 is a buffer. It behaves exactly the same as normal scanf. One important thing to keep in mind when using GHIDRA is it doesn't know exactly how many arguments a function should expect, so if a function is being passed in too many arguments, like in your case, you should just ignore the extra arguments since the code will too.
char s[100]={0};
fgets(s, sizeof(s), stdin);
In the context of the code above, what is the difference between these three?
printf("%s",s);
printf(s);
fputs(s,stdout);
printf("%s",s); correct but printf is a very heavy function and most compilers will actually replace it with puts in the compiler code if the format string ends with '\n'
printf(s); very dangerous as the format string may contain % and then it will expect another parameters. If it happens it is UB. It also makes your code exploit prone
fputs(s,stdout); OK. Not as heavy as printf but will add the new line
#2 Should NEVER be used. I won't even write it here. An evil input can do very bad things in your system by introducing special characters. New versions of gcc warn you about this bug.
The difference between
printf("%s", s);
and
puts(s)
is that puts will add a newline, just like if you called
printf("%s\n", s);
As mentioned by other comments and answers, do not try the second option. Also, the third one is quite lighter than the first one.
However, I still prefer the first option (printf() function) because it allows you to have a formatted string, which means you can print out almost any data type using this function, whereas the function fputs only accept strings. So in most cases, you will have to format the string first (maybe using sprintf()) before passing it to the function !
In my C program in an operating systems code (on the kernal side), I am trying to use kprintf to print a character, but when even I do, it prints it as well as some block character which has these four small circles in it.
kprintf(&ch);
Does anyone know whats going on here?
The printf() family of functions take a format string which tells what you want to print. You cannot print a character directly as you are doing, because printf() (or kprintf() as the case may be) will continue to read as if it were a string. You want something like:
kprintf("%c", ch);
The format string tells printf() what additional arguments to expect. In this case, %c indicates a character argument.
please take a look at the two following c statements
printf("a very long string");
printf("%s","a very long string");
they produce the same result,but there is definitely some difference under the hood,so what is the difference and which one is better? Please share your ideas!
If you know what the string contents are, you should use the first form because it is more compact. If the string you want to print can come from the user or from any other source such that you do not know what the string contents are, you must use the second form; otherwise, your code will be wide open to format string injection attacks.
The first printf works like this
'a' is not a special character: print it
' ' is not a special character: print it
'v' is not a special character: print it
...
'g' is not a special character: print it
The second printf works like this
'%' is a special character:
's' print the contents of the string pointed to by the 2nd parameter
The first one passes one parameter and the second passes 2, so the call is slightly faster in the first one.
But in the first one, printf() has to scan the long string for format specifications and in the second one, the format string is very short, so the actual processing is probably faster in the second one.
More important (to me anyway), is that "a very long string" is not likely to be a a constant string as it is in this example. If you're printf'ing a long string, you're probably using a pointer to to something that the program generated. In that case, it's a MUCH better idea to use the second form because otherwise somewhere, somehow, sometime, the long string will contain a format printf format specification and that will cause printf to go looking for another argument and your program will crash. This exact problem just happened to me about a week ago in code that we have been using for nearly 20 years.
The bottom line is that your printf format specification should always be a constant string. If you need to output a variable, use printf("%s",var) or better yet, fputs(var, stdout).
The first is no less efficient than the second. Since there are no format sequences and no corresponding arguments, no work must be done by the printf() function. In the second case, if the compiler isn't smart enough to catch this, you will be calling for unnecessary work (note: miniscule compared to actually sending (and reading!) the output at the terminal.
printf was designed for printing with formatting. It is more useful to provide formatting arguments for the sake of debugging although they aren't required.
%s takes a value of a const char* whereas leaving no argument just prints the literal expression.
You could still cast a different pointer to the const char* explicitly and change its contents without changing the output expression.
First of all you should define "better" better since it is not smart enough by itself. Better in what way? performance, maintenance, readibility, extensibilty ...
With the one line of code presented I would choose option 1 for almost all versions of 'better'
It's more readible
It does what it should do and nothing more (KISS principle)
It's faster (no pointless moving memory around to stuff one string into another). But unless you are doing this printf a hell of a lot of times in a loop this is not that a big plus.
printf("/*something else*/"); /*note that:without using \n in printf*/
I know printf() uses a buffer which prints whatever it contains when, in the line buffer, "\n" is seen by the buffer function. So when we forget to use "\n" in printf(), rarely, line buffer will not be emptied. Therefore, printf() wont do its job. Am I wrong?
The example you gave above is safe as there are no variable arguments to printf. However it is possible to specify a format string and supply variables that do not match up with the format, which can deliver unexpected (and unsafe) results. Some compilers are taking a more proactive approach with printf use case analysis, but even then one should be very, very careful when printf is used.
From my man page:
These functions return the number of characters printed (not including
the trailing \0 used to end output to strings) or a negative value
if an output error occurs, except for snprintf() and vsnprintf(), which
return the number of characters that would have been printed if the n
were unlimited (again, not including the final \0).
So, it sounds like the can fail with a negative error.
Yes, output to stdout in C (using printf) is normally line buffered. This means that printf() will collect output until either:
the buffer is full, or
the output contains a \n newline
If you want to force the output of the buffer, call fflush(stdout). This will work even if you have printed something without a newline.
Also printf and friends can fail.
Common implementations of C call malloc() in the printf family of the stdC library.
malloc can fail, so then will printf. In UNIX the write() call can be interrupted by EINTR, so context switching in UNIX will trigger faults (EINTR). Windows can and will do similar things.
And... Although you do not see it posted here often you should always check the return code from any system or library function that returns a value.
Like that, no. It won't always work as you expect, especially if you're using user input as the format string. If the first argument has %s or %d or other format specifiers in it, they will be parsed and replaced with values from the stack, which can easily break if it's expecting a pointer and gets an int instead.
This way tends to be a lot safer:
printf("%s", "....");
The output buffer will be flushed before exit, or before you get input, so the data will make it regardless of whether you send a \n.
printf could fail for any number of reasons. If you're deep in recursion, calling printf may blow your stack. The C and C++ standards have little to say on threading issues and calling printf while printf is executing in another thread may fail. It could fail because stdout is attached to a file and you just filled your filesystem, in which case the return value tells you there was a problem. If you call printf with a string that isn't zero terminated then bad things could happen. And printf can apparently fail if you're using buffered I/O and your buffer hasn't been flushed yet.