DOCSLIB.ORG

Practical C Programming, 3Rd Edition

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Practical C Programming, 3rd Edition By Steve Oualline 3rd Edition August 1997 ISBN: 1-56592-306-5 This new edition of "Practical C Programming" teaches users not only the mechanics or programming, but also how to create programs that are easy to read, maintain, and debug. It features more extensive examples and an introduction to graphical development environments. Programs conform to ANSI C. 0 TEAM FLY PRESENTS Table of Contents Preface How This Book is Organized Chapter by Chapter Notes on the Third Edition Font Conventions Obtaining Source Code Comments and Questions Acknowledgments Acknowledgments to the Third Edition I. Basics 1. What Is C? How Programming Works Brief History of C How C Works How to Learn C 2. Basics of Program Writing Programs from Conception to Execution Creating a Real Program Creating a Program Using a Command-Line Compiler Creating a Program Using an Integrated Development Environment Getting Help on UNIX Getting Help in an Integrated Development Environment IDE Cookbooks Programming Exercises 3. Style Common Coding Practices Coding Religion Indentation and Code Format Clarity Simplicity Summary 4. Basic Declarations and Expressions Elements of a Program Basic Program Structure Simple Expressions Variables and Storage 1 TEAM FLY PRESENTS Variable Declarations Integers Assignment Statements printf Function Floating Point Floating Point Versus Integer Divide Characters Answers Programming Exercises 5. Arrays, Qualifiers, and Reading Numbers Arrays Strings Reading Strings Multidimensional Arrays Reading Numbers Initializing Variables Types of Integers Types of Floats Constant Declarations Hexadecimal and Octal Constants Operators for Performing Shortcuts Side Effects ++x or x++ More Side-Effect Problems Answers Programming Exercises 6. Decision and Control Statements if Statement else Statement How Not to Use strcmp Looping Statements while Statement break Statement continue Statement Assignment Anywhere Side Effect Answer Programming Exercises 7. Programming Process Setting Up Specification 2 TEAM FLY PRESENTS Code Design Prototype Makefile Testing Debugging Maintenance Revisions Electronic Archaeology Marking Up the Program Using the Debugger Text Editor as a Browser Add Comments Programming Exercises II. Simple Programming 8. More Control Statements for Statement switch Statement switch, break, and continue Answers Programming Exercises 9. Variable Scope and Functions Scope and Class Functions Functions with No Parameters Structured Programming Recursion Answers Programming Exercises 10. C Preprocessor #define Statement Conditional Compilation include Files Parameterized Macros Advanced Features Summary Answers Programming Exercises 11. Bit Operations Bit Operators The and Operator (&) 3 TEAM FLY PRESENTS Bitwise or (|) The Bitwise Exclusive or (^) The Ones Complement Operator (Not) (~) The Left- and Right-Shift Operators (<<, >>) Setting, Clearing, and Testing Bits Bitmapped Graphics Answers Programming Exercises 12. Advanced Types Structures Unions typedef enum Type Casting Bit Fields or Packed Structures Arrays of Structures Summary Programming Exercises 13. Simple Pointers Pointers as Function Arguments const Pointers Pointers and Arrays How Not to Use Pointers Using Pointers to Split a String Pointers and Structures Command-Line Arguments Programming Exercises Answers 14. File Input/Output Conversion Routines Binary and ASCII Files The End-of-Line Puzzle Binary I/O Buffering Problems Unbuffered I/O Designing File Formats Answers Programming Exercises 15. Debugging and Optimization Debugging Interactive Debuggers 4 TEAM FLY PRESENTS Debugging a Binary Search Runtime Errors The Confessional Method of Debugging Optimization Answers Programming Exercises 16. Floating Point Floating-Point Format Floating Addition/Subtraction Multiplication Division Overflow and Underflow Roundoff Error Accuracy Minimizing Roundoff Error Determining Accuracy Precision and Speed Power Series Programming Exercises III. Advanced Programming Concepts 17. Advanced Pointers Pointers and Structures free Function Linked List Structure Pointer Operator Ordered Linked Lists Double-Linked Lists Trees Printing a Tree Rest of Program Data Structures for a Chess Program Answers Programming Exercises 18. Modular Programming Modules Public and Private The extern Modifier Headers The Body of the Module A Program to Use Infinite Arrays 5 TEAM FLY PRESENTS The Makefile for Multiple Files Using the Infinite Array Dividing a Task into Modules Module Division Example: Text Editor Compiler Spreadsheet Module Design Guidelines Programming Exercises 19. Ancient Compilers K&R-Style Functions Library Changes Missing Features Free/Malloc Changes lint Answers 20. Portability Problems Modularity Word Size Byte Order Problem Alignment Problem NULL Pointer Problem Filename Problems File Types Summary Answers 21. C's Dustier Corners do/while goto The ?: Construct The , Operator volatile Qualifier Answer 22. Putting It All Together Requirements Specification Code Design Coding Functional Description 6 TEAM FLY PRESENTS Expandability Testing Revisions A Final Warning Program Files Programming Exercises 23. Programming Adages General Design Declarations switch Statement Preprocessor Style Compiling Final Note Answer IV. Other Language Features A. ASCII Table B. Ranges and Parameter Passing Conversions C. Operator Precedence Rules D. A Program to Compute a Sine Using a Power Series Glossary Index 7 TEAM FLY PRESENTS Preface This book is devoted to practical C programming. C is currently the premier language for software developers. That's because it's widely distributed and standard. Newer languages are available, such as C++, but these are still evolving. C is still the language of choice for robust, portable programming. This book emphasizes the skills you will need to do real-world programming. It teaches you not only the mechanics of the C language, but the entire life cycle of a C program as well (including the program's conception, design, code, methods, debugging, release, documentation, maintenance, and revision). Good style is emphasized. To create a good program yo u must do more than just type in code. It is an art in which writing and programming skills blend themselves together to form a masterpiece. True art can be created. A well-written program not only functions correctly, but is simple and easy to understand. Comments allow the programmer to include descriptive text inside the program. When clearly written, a commented program is highly prized. A program should be as simple as possible. A programmer should avoid clever tricks. This book stresses simple, practical rules. For example, there are 15 operator precedence rules in C. These can be simplified into two rules: 1. Multiply and divide come before add and subtract. 2. Put parentheses around everything else. Consider two programs. One was written by a clever programmer using all the tricks. The program contains no comments, but it works. The other program is well commented and nicely structured, but it doesn't work. Which program is more useful? In the long run, the broken one. It can be fixed. Although the clever program works now, sooner or later all programs have to be modified. The worst thing that you will ever have to do is to modify a cleverly written program. This handbook is written for people with no previous programming experience or programmers who already know C and want to improve their style and reliability. You should have access to a computer and 8 TEAM FLY PRESENTS know how to use the basic functions such as a text editor and the filesystem. Specific instructions are given for producing and running programs using the UN IX operating system with a generic cc compiler or the Free Software Foundation's gcc compiler. For MS-DOS/Windows users, instructions are included for Borland C++, Turbo C++, and Microsoft Visual C++. (These compilers compile both C and C++ code.) The book also gives examples of using the programming utility make for automated program production. How This Book is Organized You must crawl before you walk. In Part I we teach you how to crawl. These chapters enable you to write very simple programs. We start with the mechanics of programming and programming style. Next, you learn how to use variables and very simple decision and control statements. In Chapter 7, we take you on a complete tour of the software life cycle to show you how real programs are created. Part II describes all of the o ther simple statements and operators that are used in programming. You'll also learn how to organize these statements into simple functions. In Part III we take our basic declarations and statements and learn how they can be used in the construction of advanced types such as structures, unions, and classes. We'll also introduce the concept of pointers. Finally, a number of miscellaneous features are described Part IV . Chapter by Chapter Chapter 1 gives a brief description of the C language and its use. This chapter includes some background on the history of the language. Chapter 2 explains the basic programming process and gives you enough information to write a very simple program. Chapter 3 discusses programming style. Commenting a program is covered, as well as writing clear and simple code. 9 TEAM FLY PRESENTS Chapter 4 introduces you to simple C statements. Basic variables and the assignment statement are covered in detail, along with arithmetic operators +, -, *, /, and %. Chapter 5 covers arrays and more co mplex variables. Shorthand operators such
Recommended publications
  • By Sebastiano Vigna and Todd M. Lewis Copyright C 1993-1998 Sebastiano Vigna Copyright C 1999-2021 Todd M

    By Sebastiano Vigna and Todd M. Lewis Copyright C 1993-1998 Sebastiano Vigna Copyright C 1999-2021 Todd M

    ne A nice editor Version 3.3.1 by Sebastiano Vigna and Todd M. Lewis Copyright c 1993-1998 Sebastiano Vigna Copyright c 1999-2021 Todd M. Lewis and Sebastiano Vigna Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this manual into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. Chapter 1: Introduction 1 1 Introduction ne is a full screen text editor for UN*X (or, more precisely, for POSIX: see Chapter 7 [Motivations and Design], page 65). I came to the decision to write such an editor after getting completely sick of vi, both from a feature and user interface point of view. I needed an editor that I could use through a telnet connection or a phone line and that wouldn’t fire off a full-blown LITHP1 operating system just to do some editing. A concise overview of the main features follows: • three user interfaces: control keystrokes, command line, and menus; keystrokes and menus are completely configurable; • syntax highlighting; • full support for UTF-8 files, including multiple-column characters; • 64-bit

  • Administering Unidata on UNIX Platforms

    C:\Program Files\Adobe\FrameMaker8\UniData 7.2\7.2rebranded\ADMINUNIX\ADMINUNIXTITLE.fm March 5, 2010 1:34 pm Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta UniData Administering UniData on UNIX Platforms UDT-720-ADMU-1 C:\Program Files\Adobe\FrameMaker8\UniData 7.2\7.2rebranded\ADMINUNIX\ADMINUNIXTITLE.fm March 5, 2010 1:34 pm Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Beta Notices Edition Publication date: July, 2008 Book number: UDT-720-ADMU-1 Product version: UniData 7.2 Copyright © Rocket Software, Inc. 1988-2010. All Rights Reserved. Trademarks The following trademarks appear in this publication: Trademark Trademark Owner Rocket Software™ Rocket Software, Inc. Dynamic Connect® Rocket Software, Inc. RedBack® Rocket Software, Inc. SystemBuilder™ Rocket Software, Inc. UniData® Rocket Software, Inc. UniVerse™ Rocket Software, Inc. U2™ Rocket Software, Inc. U2.NET™ Rocket Software, Inc. U2 Web Development Environment™ Rocket Software, Inc. wIntegrate® Rocket Software, Inc. Microsoft® .NET Microsoft Corporation Microsoft® Office Excel®, Outlook®, Word Microsoft Corporation Windows® Microsoft Corporation Windows® 7 Microsoft Corporation Windows Vista® Microsoft Corporation Java™ and all Java-based trademarks and logos Sun Microsystems, Inc. UNIX® X/Open Company Limited ii SB/XA Getting Started The above trademarks are property of the specified companies in the United States, other countries, or both. All other products or services mentioned in this document may be covered by the trademarks, service marks, or product names as designated by the companies who own or market them. License agreement This software and the associated documentation are proprietary and confidential to Rocket Software, Inc., are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice.
  • Buffer Overflow Exploits

    Buffer Overflow Exploits

    Buffer overflow exploits EJ Jung A Bit of History: Morris Worm Worm was released in 1988 by Robert Morris • Graduate student at Cornell, son of NSA chief scientist • Convicted under Computer Fraud and Abuse Act, sentenced to 3 years of probation and 400 hours of community service • Now a computer science professor at MIT Worm was intended to propagate slowly and harmlessly measure the size of the Internet Due to a coding error, it created new copies as fast as it could and overloaded infected machines $10-100M worth of damage Morris Worm and Buffer Overflow One of the worm’s propagation techniques was a buffer overflow attack against a vulnerable version of fingerd on VAX systems • By sending special string to finger daemon, worm caused it to execute code creating a new worm copy • Unable to determine remote OS version, worm also attacked fingerd on Suns running BSD, causing them to crash (instead of spawning a new copy) For more history: • http://www.snowplow.org/tom/worm/worm.html Buffer Overflow These Days Most common cause of Internet attacks • Over 50% of advisories published by CERT (computer security incident report team) are caused by various buffer overflows Morris worm (1988): overflow in fingerd • 6,000 machines infected CodeRed (2001): overflow in MS-IIS server • 300,000 machines infected in 14 hours SQL Slammer (2003): overflow in MS-SQL server • 75,000 machines infected in 10 minutes (!!) Attacks on Memory Buffers Buffer is a data storage area inside computer memory (stack or heap) • Intended to hold pre-defined
  • Development of a Physician Profiling Data Mart Connie Chambers Regis University

    Development of a Physician Profiling Data Mart Connie Chambers Regis University

    Regis University ePublications at Regis University All Regis University Theses Fall 2008 Development of a Physician Profiling Data Mart Connie Chambers Regis University Follow this and additional works at: https://epublications.regis.edu/theses Part of the Computer Sciences Commons Recommended Citation Chambers, Connie, "Development of a Physician Profiling Data Mart" (2008). All Regis University Theses. 118. https://epublications.regis.edu/theses/118 This Thesis - Open Access is brought to you for free and open access by ePublications at Regis University. It has been accepted for inclusion in All Regis University Theses by an authorized administrator of ePublications at Regis University. For more information, please contact [email protected]. Regis University College for Professional Studies Graduate Programs Final Project/Thesis Disclaimer Use of the materials available in the Regis University Thesis Collection (“Collection”) is limited and restricted to those users who agree to comply with the following terms of use. Regis University reserves the right to deny access to the Collection to any person who violates these terms of use or who seeks to or does alter, avoid or supersede the functional conditions, restrictions and limitations of the Collection. The site may be used only for lawful purposes. The user is solely responsible for knowing and adhering to any and all applicable laws, rules, and regulations relating or pertaining to use of the Collection. All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes.
  • Automatic Discovery of API-Level Vulnerabilities

    Automatic Discovery of API-Level Vulnerabilities

    Automatic Discovery of API-Level Vulnerabilities Vinod Ganapathyy, Sanjit A. Seshiaz, Somesh Jhay, Thomas W. Repsy, Randal E. Bryantz yComputer Sciences Department, zSchool of Computer Science, University of Wisconsin-Madison Carnegie Mellon University fvg|jha|[email protected] fsanjit|[email protected] UW-MADISON COMPUTER SCIENCES TECHNICAL REPORT: UW-CS-TR-1512, JULY 2004. Abstract A system is vulnerable to an API-level attack if its security can be compromised by invoking an allowed sequence of operations from its API. We present a formal framework to model and analyze APIs, and develop an automatic technique based upon bounded model checking to discover API-level vulnerabilities. If a vulnerability exists, our technique produces a trace of API operations demonstrating an attack. Two case studies show the efficacy of our technique. In the first study we present a novel way to analyze printf-family format-string attacks as API-level attacks, and implement a tool to discover them automatically. In the second study, we model a subset of the IBM Common Cryptographic Architecture API, a popular cryptographic key-management API, and automatically detect a previously known vulnerability. 1 Introduction Software modules communicate through application programming interfaces (APIs). Failure to respect an API's usage conventions or failure to understand the semantics of an API may lead to security vulnerabilities. For instance, Chen et al. [13] demonstrated a security vulnerability in sendmail-8.10.1that was due to a misunderstanding of the semantics of UNIX user-id setting commands. A programmer mistakenly assumed that setuid(getuid()) would always drop all privileges.
  • Cscope Security Update (RHSA-2009-1101)

    Cscope Security Update (RHSA-2009-1101)

    cscope security update (RHSA-2009-1101) Original Release Date: June 16, 2009 Last Revised: June 16, 2009 Number: ASA-2009-236 Risk Level: None Advisory Version: 1.0 Advisory Status: Final 1. Overview: cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-2541, CVE-2006-4262, CVE-2009- 0148 and CVE-2009-1577 to these issues. Note: This advisory is specific to RHEL3 and RHEL4. No Avaya system products are vulnerable, as cscope is not installed by default. More information about these vulnerabilities can be found in the security advisory issued by RedHat Linux: · https://rhn.redhat.com/errata/RHSA-2009-1101.html 2. Avaya System Products using RHEL3 or RHEL4 with cscope installed: None 3. Avaya Software-Only Products: Avaya software-only products operate on general-purpose operating systems. Occasionally vulnerabilities may be discovered in the underlying operating system or applications that come with the operating system. These vulnerabilities often do not impact the software-only product directly but may threaten the integrity of the underlying platform. In the case of this advisory Avaya software-only products are not affected by the vulnerability directly but the underlying Linux platform may be. Customers should determine on which Linux operating system the product was installed and then follow that vendor's guidance.
  • Linux Kernel and Driver Development Training Slides

    Linux Kernel and Driver Development Training Slides

    Linux Kernel and Driver Development Training Linux Kernel and Driver Development Training © Copyright 2004-2021, Bootlin. Creative Commons BY-SA 3.0 license. Latest update: October 9, 2021. Document updates and sources: https://bootlin.com/doc/training/linux-kernel Corrections, suggestions, contributions and translations are welcome! embedded Linux and kernel engineering Send them to [email protected] - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 1/470 Rights to copy © Copyright 2004-2021, Bootlin License: Creative Commons Attribution - Share Alike 3.0 https://creativecommons.org/licenses/by-sa/3.0/legalcode You are free: I to copy, distribute, display, and perform the work I to make derivative works I to make commercial use of the work Under the following conditions: I Attribution. You must give the original author credit. I Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. I For any reuse or distribution, you must make clear to others the license terms of this work. I Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. Document sources: https://github.com/bootlin/training-materials/ - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 2/470 Hyperlinks in the document There are many hyperlinks in the document I Regular hyperlinks: https://kernel.org/ I Kernel documentation links: dev-tools/kasan I Links to kernel source files and directories: drivers/input/ include/linux/fb.h I Links to the declarations, definitions and instances of kernel symbols (functions, types, data, structures): platform_get_irq() GFP_KERNEL struct file_operations - Kernel, drivers and embedded Linux - Development, consulting, training and support - https://bootlin.com 3/470 Company at a glance I Engineering company created in 2004, named ”Free Electrons” until Feb.
  • The AWK Programming Language

    The AWK Programming Language

    The Programming ~" ·. Language PolyAWK- The Toolbox Language· Auru:o V. AHo BRIAN W.I<ERNIGHAN PETER J. WEINBERGER TheAWK4 Programming~ Language TheAWI(. Programming~ Language ALFRED V. AHo BRIAN w. KERNIGHAN PETER J. WEINBERGER AT& T Bell Laboratories Murray Hill, New Jersey A ADDISON-WESLEY•• PUBLISHING COMPANY Reading, Massachusetts • Menlo Park, California • New York Don Mills, Ontario • Wokingham, England • Amsterdam • Bonn Sydney • Singapore • Tokyo • Madrid • Bogota Santiago • San Juan This book is in the Addison-Wesley Series in Computer Science Michael A. Harrison Consulting Editor Library of Congress Cataloging-in-Publication Data Aho, Alfred V. The AWK programming language. Includes index. I. AWK (Computer program language) I. Kernighan, Brian W. II. Weinberger, Peter J. III. Title. QA76.73.A95A35 1988 005.13'3 87-17566 ISBN 0-201-07981-X This book was typeset in Times Roman and Courier by the authors, using an Autologic APS-5 phototypesetter and a DEC VAX 8550 running the 9th Edition of the UNIX~ operating system. -~- ATs.T Copyright c 1988 by Bell Telephone Laboratories, Incorporated. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopy­ ing, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America. Published simultaneously in Canada. UNIX is a registered trademark of AT&T. DEFGHIJ-AL-898 PREFACE Computer users spend a lot of time doing simple, mechanical data manipula­ tion - changing the format of data, checking its validity, finding items with some property, adding up numbers, printing reports, and the like.
  • C:\Andrzej\PDF\ABC Nagrywania P³yt CD\1 Strona.Cdr

    C:\Andrzej\PDF\ABC Nagrywania P³yt CD\1 Strona.Cdr

    IDZ DO PRZYK£ADOWY ROZDZIA£ SPIS TREFCI Wielka encyklopedia komputerów KATALOG KSI¥¯EK Autor: Alan Freedman KATALOG ONLINE T³umaczenie: Micha³ Dadan, Pawe³ Gonera, Pawe³ Koronkiewicz, Rados³aw Meryk, Piotr Pilch ZAMÓW DRUKOWANY KATALOG ISBN: 83-7361-136-3 Tytu³ orygina³u: ComputerDesktop Encyclopedia Format: B5, stron: 1118 TWÓJ KOSZYK DODAJ DO KOSZYKA Wspó³czesna informatyka to nie tylko komputery i oprogramowanie. To setki technologii, narzêdzi i urz¹dzeñ umo¿liwiaj¹cych wykorzystywanie komputerów CENNIK I INFORMACJE w ró¿nych dziedzinach ¿ycia, jak: poligrafia, projektowanie, tworzenie aplikacji, sieci komputerowe, gry, kinowe efekty specjalne i wiele innych. Rozwój technologii ZAMÓW INFORMACJE komputerowych, trwaj¹cy stosunkowo krótko, wniós³ do naszego ¿ycia wiele nowych O NOWOFCIACH mo¿liwoYci. „Wielka encyklopedia komputerów” to kompletne kompendium wiedzy na temat ZAMÓW CENNIK wspó³czesnej informatyki. Jest lektur¹ obowi¹zkow¹ dla ka¿dego, kto chce rozumieæ dynamiczny rozwój elektroniki i technologii informatycznych. Opisuje wszystkie zagadnienia zwi¹zane ze wspó³czesn¹ informatyk¹; przedstawia zarówno jej historiê, CZYTELNIA jak i trendy rozwoju. Zawiera informacje o firmach, których produkty zrewolucjonizowa³y FRAGMENTY KSI¥¯EK ONLINE wspó³czesny Ywiat, oraz opisy technologii, sprzêtu i oprogramowania. Ka¿dy, niezale¿nie od stopnia zaawansowania swojej wiedzy, znajdzie w niej wyczerpuj¹ce wyjaYnienia interesuj¹cych go terminów z ró¿nych bran¿ dzisiejszej informatyki. • Komunikacja pomiêdzy systemami informatycznymi i sieci komputerowe • Grafika komputerowa i technologie multimedialne • Internet, WWW, poczta elektroniczna, grupy dyskusyjne • Komputery osobiste — PC i Macintosh • Komputery typu mainframe i stacje robocze • Tworzenie oprogramowania i systemów komputerowych • Poligrafia i reklama • Komputerowe wspomaganie projektowania • Wirusy komputerowe Wydawnictwo Helion JeYli szukasz ]ród³a informacji o technologiach informatycznych, chcesz poznaæ ul.
  • A Type System for Format Strings E

    A Type System for Format Strings E

    ifact t * r * Comple t te A A n * te W E is s * e C n l l o D C A o * * c T u e m S s E u e S e n I R t v A Type System for Format Strings e o d t y * s E a * a l d u e a t Konstantin Weitz Gene Kim Siwakorn Srisakaokul Michael D. Ernst University of Washington, USA {weitzkon,genelkim,ping128,mernst}@cs.uw.edu ABSTRACT // Untested code (Hadoop) Most programming languages support format strings, but their use Resource r = ... format("Insufficient memory %d", r); is error-prone. Using the wrong format string syntax, or passing the wrong number or type of arguments, leads to unintelligible text // Unchecked input (FindBugs) output, program crashes, or security vulnerabilities. String urlRewriteFormat = read(); This paper presents a type system that guarantees that calls to format(urlRewriteFormat, url); format string APIs will never fail. In Java, this means that the API will not throw exceptions. In C, this means that the API will not // User unaware log is a format routine (Daikon) log("Exception " + e); return negative values, corrupt memory, etc. We instantiated this type system for Java’s Formatter API, and // Invalid syntax for Formatter API (ping-gcal) evaluated it on 6 large and well-maintained open-source projects. format("Unable to reach {0}", server); Format string bugs are common in practice (our type system found Listing 1: Real-world code examples of common programmer 104 bugs), and the annotation burden on the user of our type system mistakes that lead to format routine call failures.
  • Automatic Protection from Printf Format String Vulnerabilities

    Automatic Protection from Printf Format String Vulnerabilities

    USENIX Association Proceedings of the 10th USENIX Security Symposium Washington, D.C., USA August 13–17, 2001 THE ADVANCED COMPUTING SYSTEMS ASSOCIATION © 2001 by The USENIX Association All Rights Reserved For more information about the USENIX Association: Phone: 1 510 528 8649 FAX: 1 510 548 5738 Email: [email protected] WWW: http://www.usenix.org Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. FormatGuard: Automatic Protection From printf Format String Vulnerabilities Crispin Cowan, Matt Barringer, Steve Beattie, and Greg Kroah-Hartman WireX Communications, Inc. http://wirex.com/ Mike Frantzen Jamie Lokier Purdue University CERN Abstract their trouble. Since June 2000, format bugs have eclipsed buffer overflow vulnerabilities for the most In June 2000, a major new class of vulnerabilities called common form of remote penetration vulnerability. “format bugs” was discovered when an vulnerability in WU-FTP appeared that acted almost like a buffer over- There are several obvious solutions to this problem, flow, but wasn’t. Since then, dozens of format string which unfortunately don’t work: vulnerabilities have appeared. This paper describes the format bug problem, and presents FormatGuard: our Remove the %n feature: The printf %n directive is proposed solution. FormatGuard is a small patch to the most dangerous, because it induces printf to glibc that provides general protection against format write data back to the argument list. It has been pro- bugs.
  • Standard TECO (Text Editor and Corrector)

    Standard TECO (Text Editor and Corrector)

    Standard TECO TextEditor and Corrector for the VAX, PDP-11, PDP-10, and PDP-8 May 1990 This manual was updated for the online version only in May 1990. User’s Guide and Language Reference Manual TECO-32 Version 40 TECO-11 Version 40 TECO-10 Version 3 TECO-8 Version 7 This manual describes the TECO Text Editor and COrrector. It includes a description for the novice user and an in-depth discussion of all available commands for more advanced users. General permission to copy or modify, but not for profit, is hereby granted, provided that the copyright notice is included and reference made to the fact that reproduction privileges were granted by the TECO SIG. © Digital Equipment Corporation 1979, 1985, 1990 TECO SIG. All Rights Reserved. This document was prepared using DECdocument, Version 3.3-1b. Contents Preface ............................................................ xvii Introduction ........................................................ xix Preface to the May 1985 edition ...................................... xxiii Preface to the May 1990 edition ...................................... xxv 1 Basics of TECO 1.1 Using TECO ................................................ 1–1 1.2 Data Structure Fundamentals . ................................ 1–2 1.3 File Selection Commands ...................................... 1–3 1.3.1 Simplified File Selection .................................... 1–3 1.3.2 Input File Specification (ER command) . ....................... 1–4 1.3.3 Output File Specification (EW command) ...................... 1–4 1.3.4 Closing Files (EX command) ................................ 1–5 1.4 Input and Output Commands . ................................ 1–5 1.5 Pointer Positioning Commands . ................................ 1–5 1.6 Type-Out Commands . ........................................ 1–6 1.6.1 Immediate Inspection Commands [not in TECO-10] .............. 1–7 1.7 Text Modification Commands . ................................ 1–7 1.8 Search Commands .