README update, warning.c commenting

This commit is contained in:
Christoph J. Scherr 2022-11-26 00:10:35 +01:00
parent 9e52cac031
commit 17d671e908
2 changed files with 15 additions and 3 deletions

View File

@ -2,9 +2,15 @@
This Repository features C source code i wrote to learn c. Currently the most advanced program included is an This Repository features C source code i wrote to learn c. Currently the most advanced program included is an
unfinished implementation of the huffman algorithm. unfinished implementation of the huffman algorithm.
Some programs make use of outdated and unsafe functions such as gets() or scanf(), which **should never be used**. Some programs make use of outdated and unsafe functions such as `gets()` or `scanf()`, which **should never be used**.
That is the case, because we were teached to use some of these in programming classes. Ideally, all uses That is the case, because we were teached to use some of these in programming classes. Ideally, all uses
of these unsafe functions should include a comment explaining why this is bad and also include and implemented of these unsafe functions should include a comment explaining why this is bad and also include and implemented
alternative, but that may not always be the case. alternative, but that may not always be the case.
All code in this Repository was written on and for a Linux x86_64 system. It might not work on other systems. All code in this Repository was written on and for a Linux x86_64 system. It might not work on other systems.
### Note:
`scanf()` is not inherently unsafe, but must be handled very careful and isn't recommended by most, so i have
chosen to classify it as unsafe. If you know exactly what you are doing using `scanf()` seems to be acceptable.
I consider the use of `scanf()` to be bad practice.

View File

@ -2,8 +2,14 @@
int main(){ int main(){
char s[2]; char s[2];
// produce warning, char* s is too small for the following fgets instruction /*
fgets(s, 10, stdin); * The following line of code is unsafe. It writes up to 10 bytes into the char array 's', which is only
* 2 Bytes big. A Buffer Overflow can happen. I have chosen to keep that line, because i wanted a source
* file that produces a compiler warning when it is compiled. That is the true purpose of this file.
*
* a safe alternative would be: fgets(s, 2, stdin);
*/
fgets(s, 10, stdin); // UNSAFE
printf("%s\n",s); printf("%s\n",s);
return 0; return 0;
} }