comp.lang.ruby

sprintf can not work in ruby c source?

Haoqi Haoqi

5/1/2007 7:13:00 AM

Here is my simple test:
Where is my mistake??

#include "ruby.h"
#include "stdio.h"
static VALUE
tests(){
char *s1="a ";
char *s2=" b";
char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}

--
Posted via http://www.ruby-....

4 Answers

Maik Schmidt

5/1/2007 7:25:00 AM

0

In article <9d71df8a63af2a669698ea94c2a5111c@ruby-forum.com> Haoqi
Haoqi <axgle@126.com> wrote:

> here is my simple test:
> where is my mistake??
>
> #include "ruby.h"
> #include "stdio.h"
> static VALUE
> tests(){
> char *s1="a ";
> char *s2=" b";
> char *buf;
> sprintf(buf,"%s after %s",s1,s2);
> printf(buf);
> return Qnil;
> }
> void Init_hello(){
> rb_define_global_function("tests",tests,0);
> }
>
I guess your problem is that buf is an uninitialized pointer pointing to an
arbitrary memory location. If you declare it like this
char buf[200];
your program should work.

--
I'm trying a new usenet client for Mac, Nemo OS X.
You can download it at http://www.malcom-ma...

Haoqi Haoqi

5/1/2007 7:31:00 AM

0

Francis Cianfrocca wrote:
> On 5/1/07, Haoqi Haoqi <axgle@126.com> wrote:
>> char *buf;
>> sprintf(buf,"%s after %s",s1,s2);
>> printf(buf);
>> return Qnil;
>> }
>> void Init_hello(){
>> rb_define_global_function("tests",tests,0);
>> }
>
>
>
> Um, you realize you're writing right into a random memory location? If
> you're not an experienced C programmer, you may want to reconsider your
> project to write a Ruby extension.
I am not an experienced C programmer, and am just learning to write a Ruby
extension with C.


--
Posted via http://www.ruby-....

Haoqi Haoqi

5/1/2007 7:33:00 AM

0

Maik Schmidt wrote:
> In article <9d71df8a63af2a669698ea94c2a5111c@ruby-forum.com> Haoqi
> Haoqi <axgle@126.com> wrote:
>
>> sprintf(buf,"%s after %s",s1,s2);
>> printf(buf);
>> return Qnil;
>> }
>> void Init_hello(){
>> rb_define_global_function("tests",tests,0);
>> }
>>
> I guess your problem is that buf is an uninitialized pointer pointing to
> an
> arbitrary memory location. If you declare it like this
> char buf[200]
> your program should work.
Oh, yes, thank you very much!~

C:\ext\1>ruby client.rb
a after b
^_^

--
Posted via http://www.ruby-....

hemant

5/1/2007 4:13:00 PM

0

On 5/1/07, Adam Bozanich <adam.boz@gmail.com> wrote:
> On 5/1/07, Haoqi Haoqi <axgle@126.com> wrote:
> >
> > here is my simple test:
> > where is my mistake??
> >
> > #include "ruby.h"
> > #include "stdio.h"
> > static VALUE
> > tests(){
> > char *s1="a ";
> > char *s2=" b";
> > char *buf;
> > sprintf(buf,"%s after %s",s1,s2);
> > printf(buf);
> > return Qnil;
> > }
> > void Init_hello(){
> > rb_define_global_function("tests",tests,0);
> > }
>
>
> You have to be very careful when working with c. The code above has a
> couple of classic security vulnerabilities.
>
> Since you are not dealing with user-controlled buffers, it's not that big of
> a deal, but here's a couple tips:
>
> 1) in general, don't use sprintf. use snprintf().
>
> char * s1 = "a ";
> char * s2 = "b ";
> char buf[1024];
> snprintf(buf,sizeof(buf),"%s after %s",s1,s2);
>
> 2) always use a string literal as the format string to functions which take
> them ( printf() , snprintf() , etc... ):
>
> printf("%s",buf);
>
> If you're interested in what can be done if these errors are made, check out
> these papers:
>
> http://doc.bughunter.net/buffer-overflow/smash-...
> http://doc.bughunter.net/format-string/explo...


Thanks for the links Adam.


--
gnufied
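
The fixes suggested in the thread (real storage for buf, snprintf() with the buffer size, a literal format string), put together as an added example that is not part of any post. It leaves out ruby.h so it compiles on its own; the helper names format_after and print_literal and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the thread: writes "<s1> after <s2>" into
 * dst (capacity cap bytes). Returns 0 on success, -1 if the result did not
 * fit or snprintf failed. When cap > 0, dst is left NUL-terminated. */
int format_after(char *dst, size_t cap, const char *s1, const char *s2)
{
    int n;

    if (dst == NULL || cap == 0)
        return -1;
    n = snprintf(dst, cap, "%s after %s", s1, s2);
    if (n < 0) {              /* output error */
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)n >= cap)     /* n is the length that was needed: truncated */
        return -1;
    return 0;
}

/* Prints text as data. The format string is a literal, so conversion
 * specifiers inside text are never interpreted. Returns bytes written. */
int print_literal(FILE *out, const char *text)
{
    return fprintf(out, "%s\n", text);
}

int main(void)
{
    char buf[200];            /* real storage, as suggested in the thread */
    char tiny[8];             /* constructed: deliberately too small */

    if (format_after(buf, sizeof buf, "a ", " b") == 0)
        print_literal(stdout, buf);
    if (format_after(tiny, sizeof tiny, "a ", " b") != 0)
        print_literal(stdout, "tiny: result truncated, rejected");
    print_literal(stdout, "50%s off");   /* constructed input with a '%' */
    return 0;
}
```

Checking the snprintf() return value matters because a silently truncated string is still a bug, just not a memory-corrupting one.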