forgot to copy the list :)

-----Forwarded Message-----

From: Richard D. Jackson richardj@1gig.net
To: Frank Heckenbach frank@g-n-u.de
Subject: Re: String Question
Date: 13 Feb 2003 10:14:20 -0600
On Thu, 2003-02-13 at 01:27, Frank Heckenbach wrote:
<snip>
> > In this case what gpc does is truncate the return value to fit into
> > myStr. In other words this does not cause a compiler error, so the compiler
> > sees these two strings as being equivalent even though that is not the
> > case.
> My previous reply to Chuck's mail should have made this clear.
Did not get that one until after I wrote my reply.
<snip>
> > What is interesting is that, given
> >
> >   var
> >     buff : String (255);
> >
> > I can stuff 30925 chars into it; after that magic number I get a
> > segfault.
> I can't. The following stops at 255.
>
> program Foo;
>
> var
>   buff : String (255);
>   counter : Integer;
>
> begin
>   buff := '';
>   counter := 1;
>   repeat
>     buff := buff + ' ';
>     WriteLn (Length (buff));
>     WriteLn (counter);
>     counter := counter + 1
>   until False
> end.
Here, even though the Length of buff will stay 255 after the 255th iteration, counter will go to 30951 before the segfault, which means the string buffer is going out of bounds.
> If what you mean is treating the string as an array of char and indexing
> out of range, this would be a matter of range-checking (*) -- I'm not sure
> if you mean this, that's why it's always a good idea to include some
> example code!
Here is what I used, but note it is sloppy as I was trying out other things as well. NOTE: You can replace Str255 with TString and get the same result. Also, I'm still using gpc-20021128 based on gcc-3.2.1.

program stringtest (Input, Output);

uses GPC;

type
  Str255 = String (255);

var
  testout : String (100);

{ Deliberately exceeds the declared 255-character capacity of buff; with
  range checking absent, the Concat calls write past it (the overrun
  discussed above). }
function foobar : Str255;
var
  counter : Integer;
  buff : String (255);
begin
  buff := 'B';
  for counter := 1 to 30923 do
    if counter = 99 then
      buff := Concat (buff, 'E')
    else
      buff := Concat (buff, '1');
  buff := Concat (buff, 'D');
  writeln (buff);
  foobar := buff
end;

begin
  testout := foobar;
  writeln (testout)
end.
> (*) which GPC is currently lacking. I wrote a mail about it on 2002-12-14,
> but there doesn't seem to be much interest from the users.
If I surround a string with other vars they are not getting overwritten, which is a good thing, but I still wonder why it did not segfault at 256. I guess it is something I will have to look into when I have more time to dig into it with gdb.
> Programming languages have more or less implementation-defined behaviour,
> but I don't think any language would guarantee a segfault in a certain
> situation. ;-)
True, I don't expect the language to guarantee a segfault under certain situations. I was mostly just testing if I could create a buffer overrun. Now how a hacker would exploit that I don't know. But it does mean that when using strings for input I will have to make sure it does not happen. Most likely I will have to use LibC functions to protect against this.
Richard
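A bounds-checked append, added here as an illustration (not code from either mail) of the explicit length check that has to stand in for the range checking Frank says GPC lacks; the helper name SafeAppend and the MaxLen constant are assumptions, and the check uses only Length, Copy and string + as the mails do:

```pascal
program SafeAppendDemo;

const
  MaxLen = 255;                     { assumed capacity, matching String (255) }

type
  Str255 = String (MaxLen);

{ Appends as much of s as still fits into buff (never past MaxLen) and
  returns False if any characters had to be dropped. Hypothetical helper. }
function SafeAppend (var buff : Str255; const s : String) : Boolean;
var
  room : Integer;
begin
  room := MaxLen - Length (buff);
  if room >= Length (s) then
  begin
    buff := buff + s;
    SafeAppend := True
  end
  else
  begin
    if room > 0 then
      buff := buff + Copy (s, 1, room);   { keep only what fits }
    SafeAppend := False
  end
end;

var
  buff : Str255;
  counter : Integer;
  truncated : Boolean;

begin
  buff := '';
  truncated := False;
  { Same 30923 appends as the overrun test above, but the length is checked
    on every call, so buff stops at 255 and the rest is reported as dropped. }
  for counter := 1 to 30923 do
    if not SafeAppend (buff, '1') then
      truncated := True;
  WriteLn ('Length: ', Length (buff), '  truncated: ', truncated)
end.
```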