Verification with strlen in c

StackOverflow https://stackoverflow.com/questions/20748700

  •  21-09-2022
  •  | 
  •  

Question

I am using this strip of code to verify the length being inputted in the struct so that the file wont explode but I do not think I am executing it right.

    do
    {
        inputflag=0;
        printf("Passenger ID no: ");
        gets(newRes.idCard);
        if((strlen(newRes.idCard))>7)
        {
            printf("invalid input \n");
            inputflag=1;
        }
        fflush(stdin);
    } while(inputflag==0);
Was it helpful?

Solution

Your gets call is unsafe. It can accept more characters than you have allocated. Boom.

Assuming you have allocated at least 8 bytes for .idCard (i.e. 7 chars plus terminator) then consider using this:

  fgets(newRes.idCard, 7+1, stdin);

This ensures you will not accept too many chars. It will truncate as necessary. Check the return value of fgets for success.

(man fgets)

Compile this example code and study. I hope you find what you're looking for in here.

#include <stdio.h>
#include <string.h>

#define MAX_ID_LEN (7)

int main() {
    char idCard[MAX_ID_LEN+1];
    printf("ID: ");
    if (fgets(idCard, MAX_ID_LEN+1, stdin)) {
        char *cLast = idCard + strlen(idCard)-1;
        if (*cLast == '\n')
            *cLast = 0;  // strip newline *if* present
        printf("Success!  idCard='%s'\n", idCard);
    } else {
        printf("Failure.\n");
    }
    return 0;
}

Note there are several lines of code there to check if the input includes a newline char and remove it. fgets ensures a newline unless the user entered more than 7 characters for the ID. I hope this is clear for you.

Alternatively, this is probably less distracting for you: (just use fscanf)

#include <stdio.h>

int main() {
    char idCard[7+1];
    printf("ID: ");
    fscanf(stdin, "%7s", idCard);
    printf("idCard='%s'\n", idCard);
    return 0;
}

OTHER TIPS

In order to properly flush stdin you should the following:

int c;
while ((c = getchar()) != '\n' && c != EOF);

And instead of gets you should use fgets because there you can limit the number of characters to the size of your input buffer.

gets will not know the length and thus if the user enters more than the buffer provides, a buffer overflow can be caused.

How come fflush(stdin) function is not working?

Checking the length after reading data into too small a buffer is too late. Read the data into a large holding buffer first.

fgets() is a great replacement for the obsolete gets(). Remember to strip a potential ending \n.

Also avoid magic numbers like '7'. Use something like sizeof(newRes.idCard).

In well designed code fflush(stdin) is not needed and should be avoided as it is not portable.

int inputflag = 0;  // Not clear is OP needs this value after the while loop.
do {
  printf("Passenger ID no: ");
  char buf[sizeof(newRes.idCard) * 2]; ' twice as big as needed.
  if (fgets(buf, sizeof buf, stdin) == NULL) {
    inputflag = 1;
    break;
  }
  size_t Len = strlen(buf);
  if (Len && buf[Len-1] == '\n') buf[--Len] = '\0';
  if(Len >= sizeof(newRes.idCard)) {
    printf("invalid input \n");
    inputflag = 1;
  }
  else {
    strcpy(newRes.idCard, buf);
  }
} while (inputflag == 0);
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top