Be careful when using C.

I was like “oh he’s gonna use another scan function” and then you whipped out the %12s and it was magnificent

Writing a letter when program expects a number: Pascal: throws an error and ends Python: throws an error and ends Perl: throws an error and ends Golang: assigns 0 to the variable C: loops itself to infinity, forcing you to use task manager to shut the program down before it sets your computer on fire.

Thank you for covering this topic. Many tutorials for beginners use scanf() or gets(). Which obviously can be really dangerous.

Just a reminder. As I recall, in standard C99, compilers do not allocate the extra byte for the null termination on char-arrays (strings). So char my_string[20] can be up to 19 characters long, since the last one must be a null, to indicate the end. My understanding is that this is meant to be for use-cases when you are storing small integers in an array, and want to save space. This way, it won't be adding bytes to arrays unpredictably, everything is always the size you tell it to be. I'm sure everyone here already is well aware of this, just in case some people forgot.

Again back to C. We need more C tutorial in this great channel.

Explains buffer overflow without saying buffer overflow great vid

It's been almost 3 months since uni started and our teacher is giving us approximately 15 exercises a week and many of the stuff needed for these exercises to be "bug free" are not included in his lectures... Videos like this are a life saver cause now I can do my about 3/10 exercises assigned this week without worrying about them having this exact issue (which I did face and wanted to find a way to overcome...), Also, even though it's a 12min video the information presented is well structured enough that it feels as way less time has elapsed and I really appreciate that.

Thank you very much! Im a beginner in c and my teacher told us to use the scanf() function to read in some user input. I asked him how to failcheck/make sure the user puts in the right things on scanf, but he told me you just dont. Right after that we talked about buffer overflows in another class lol. Nicely explained even for ones without great knowledge

This was really good! I would love to see more C and program security videos.

dude thank you! i really like how you explained this! -i've watched 6 videos and didn't get it until yours lol thank you again !

I'm new to C/C++ and I feel lucky that I got to know this early on. Thank you so much for the heads up!

This video is great, because most of the times when we start learning C, we're just taught that a way to take user imput is by using scanf. If you're lucky enough or do your research, you'll probably discover that there are also other functions for that. And even though nowadays there's so much info on the internet, we're not taught so much about programming safely. So we keep learning, our programs become bigger and bigger, and eventually we find that our program crashes and we don't know why. And the bigger our project is, the harder it is to find every error. And this is just considering we do C projects for ourselves. Imagine if this happens in a company project or stuff. Not only you'd have a potential error, you'd have fatal security issues in your system, that someone with enough knowledge could exploit. And this doesn't only apply to C. C just doesn't provide any safety measures natively, but it can happen in other languages too! So in summary, it's always a good programming practice to introduce safety checks in your code, and if you're working in a company, this becomes a must.

Order and sanity got totally fucked up when he named the executable _main.o_ as if it were an object file... (Linux wouldn't care, but a make system will.)

Yes, extremely useful. But I also recommend fgets(). It can also get strings with spaces, and it also avoids the scanf problem. A thing to remember, though, is that this function also eats the line-changing character. So I usually get rid of the last character and replace it with '\0'(null character)

Thank you very much, i was seching for a easy to use way to fix this.

That's some quality information!

Very informative. Appreciated!

Your explanation was really fantastic

in case some of you are interested, I have C project with function that allows you to initialise a variable of any integer type safely, which means that you can’t write letters or any other symbols as input and it tracks type overflow. I can send it to you if you want. it also contains beautiful algorithm of defining min and max value of any integer type using bits operations that i could not find on the internet

It's 20. When declaring array you have to explicitly include the null byte. :) The string literal will be automatically null-terminated for you though.

That should be a %11s, because scanf will take the input and add a \0 at the end of it. So, with your code, if I enter "123456789012" then it will save 13 characters and potentially override part of our password string.

Make theses type of videos 🔥 i really enjoy this 🔥

Wow did not know about this, thanks!

Very interesting video. Thank you

Great contents. Subbed.

Very interesting.I tested the code. Success.

Very nice explanation i readed the entire stackoverflow post about this topic and i didn't understood a thing but thanks to you the entire scanf vulnerability is clear to me now Btw why didn't you used scanf_s ?

this was a great tutorial

Grate video 💡

scanf is a family of library functions that aged poorly and should probably be used as little as possible in favor of (reading and) parsing a string yourself. Not only do you run into issues like Rockstar accidentally building a quadric-time parser because sscanf builds a string stream first which (depending on the C library) always counts its length, but it's also unreliable without checking the return value.

This video is quite nice for me I'm interested in programming and I appreciate C language but appearantly writing C is easy but writing it correct is quite hard and writing C correct is not a popular video topic on youtube thx for the video!

If myinput has length of 12(including null character) so in scanf it must be %11s otherwise if input is more than 11 characters the next storagespace/variable will be empty(thus mypassword is empty string)

it is great thing to know. tnx

12s is incorrect! You need 11s to make room for the null terminator!

Basically if he didn't have stack smashing detection a hacker can pretty much turn that scanf() into a goto that ignores scope. If this was an 8 bit or 16 bit cpu (which didn't have protected memory) he could execute basically any code he wanted to on the machine

By the way, you can also use "%ms" as format string for scanf(). In this case, scanf() will allocate a buffer that is large enough to hold the entire input string, including the \0. In turn, you are obliged to free() this buffer when you finish your business with it.

In c++ there is scanf_s for a safe output using an extra size Parameter. I don't know about c, but in c++, it's that.

good one... also can use fgets() function to be on safer aise

That's why you should use getline. In fact the gcc documentation recommends never using a compiler that doesn't support that function

As someone in a class going over c this is quite interesting

Very cool!

thanks a billion!

use scanf_s and strcmp_s to have more control with buffers xD so it doesn't go buffer overflow. strcmp_s is kinda nice. if somehow the buffer doesn't get null-terminated for some odd reason. that might be a bug in the future xD.. so it doesn't compare the whole bytes until it hits 0 somewhere else in the memory. or you can crash because you end up going into pages that have no permission to read xD

What it's the proper way to get user console input? It seems to do super strange things when you try to pass a string type variable to an int type variable (infinite loops, printing some random stuff, or even crashing).

For string input is better to just use fgets or getline functions

at 10:49 you write a lot of A's to the string but scanf only scans the first 12 right so your string is full with A's but isn't there a problem with the last byte that should be \x00?

Wow, its amazing

The best 👽💜

See C can be dangerous in uncareful hands, but also it's been around long enough that all the gotchas are well known.

i love the "i prefer linux for c" massively juxtaposed by it being wsl

Good tutorial man! Question: how did you setup Ubuntu Vim like this in Windows?

Just use *n* functions like snscanf, snprintf, strncmp! Other functions like fgets are also safe from buffer overflows.

Heyy can you do like some C++ projects and other tips, pls :)

Actually the output, that you are getting, is not an object file. It's an elf executable. You shouldn't use the .o extention for it as this might confuse some people if they are trying to follow a tutorial. By default gcc outputs a file named "a.out" and it is an elf executable. You should keep using that or at least not use "main.o" as the file name as that can slow your development down as you need to select the proper file starting with "main." and doing that isn't fast as normally you can just use tab until you see that "a.out" is the file, that you will execute, but when using the name "main.o" you have to type the whole file name for it to work.

Thanks for the great video; I've had this problem using scanf() trying to get an integer ie. Any key eg. ESC will cause a Segmentation Fault. Can you recommend something for this. Thanks in advance.

what would've happened if the neighbouring array was also reading from stdin will buffer overflow still happen?

Alright so if I create a character array like I have posted below. How many bytes should I allocate so it is safe/secure? I'm assuming the name is already 5 bytes but I also have to include another byte for the null byte so that would be 6 bytes. So would that mean the character array and the scanf function should be both 6 bytes? char firstName[] = "Daniel";

Very interesting video! Just a question, is there any specific reason for not using the “&” in the scanf() function? I normally see for example scanf(“%s”, &myinput)

Does this problem happen only when we use scanf() to input string type data?

We need tutorial for C programming

would this matter if we are scanning a single character?

Yo what is the name of that text editor? It looks like vi but with colors to show what mode the user is on, does anyone know?

I know this is a bit old but what editor is he using? nv? that's what he typed but i can't find an editor called nv. Maybe nv is an alias?

Alguna página donde pueda practicar o información detallada de programación en c

Hey amn did you make that theme yourself our you downloaded? If you make it yourself could you pass it i would love to make a vscide theme like that.

How is it called the

it doesn't give any stack smashing error and I can't write over also, I'm using dev c++ do you know why?

hello Neureline how can we create a management stock in python

Are BufferOverflow or similiar user input vulnerabilities present in Java or Python?

Why did you use python to print?

I thought you show us how set limit via size_t variable type.

Please create C programing language lessons tutorial..... 🌹🌹🌹🌹🌹💖💖💖💖💖

And what if the length isn’t known in compile time? Just use string concatenation to build the format string?

why does it overwrite the next array though?

Amazing

may I know which font you use for the terminal?

Compiling the executable with a dot o extension... yah that's totally normal.

How we can set up scanf format to let users input strings with spaces too?

it doesn't really fix that much, for example program shouldn't take password123AAAAAAAA and print SUCCESS - which it does in this case. How do you deal with this?

the safest alternative to scanf() is gets()

The '

But what would happen if the password is exactly 12 characters, let's say "password1234", and someone input it "password12345", and since "%12s" would make the program only read the first 12 characters, wouldn't that be a success?

Why such compression ???

what I learned: don’t code in c, code in C++

a=1 while (a

I've been using fgets extensively

wooowwwww this is awesome

What editor are you using?

한국인 있음?? 그니까 %s로만 받고 프린트하면 스택오버플로우 되서 비밀번호 뱉으니까 %사이즈s하라는거??

4:25 19 bytes

Him not clearing the terminal is bothering me uh.......

Why not insert input like this, instead of python? echo "text" | ./main.o

buffer overlows strike again

This is why you should always practice clean coding. Especially with languages like C/C++ or low-level programming. Garbage collection is very important.

2023 : Does not work anymore I think compilers have fixed this issue.

Wow... what an easy fix! Why the fuck do so many tutorials not include that

I mean... it's in the name of the function... scanf, scan _formatted_. User input is the least formatted thing there is.🤨

There is scanf_s as well right?

7:45