Risky functions in the C language

Source: Internet
Author: User

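When a string literal is defined, a terminating '\0' is automatically appended at the end.

char *p = "hello";
int i;
for (i = 0; i < 7; i++)
{
    /* i == 5 prints the terminating 0; i == 6 already reads past the end of the literal */
    printf("%d\n", p[i]);
}

Output: 104 101 108 108 111 0 115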

Hazardous functions to note:
1. gets() is dangerous; use fgets() instead. char *gets(char *__s) reads a string from standard input. Use char *fgets(char *s, int size, FILE *stream), passing the size of buf as the second parameter; fgets guarantees that the last byte is '\0' and does not write out of bounds.

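#include <stdio.h>
#include <string.h>

int main(void)
{
    char buf[5] = {0};
    int i = 0;

    /* fgets stores at most sizeof(buf) - 1 characters plus the terminating '\0' */
    fgets(buf, sizeof(buf), stdin);
    printf("buf = %s\n", buf);
    for (i = 0; i < 5; i++)
    {
        printf("buf[%d] = %d\n", i, buf[i]);
    }
    return 0;
}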
2. scanf is very dangerous; its use is prohibited. int scanf(const char *__restrict __format, ...). When the program reads a string and the input exceeds the specified length, the program crashes with an overflow error. Use fgets and then parse the string yourself.
3. sscanf is very dangerous; its use is restricted. int sscanf(const char *__restrict __s, const char *__restrict __format, ...) also has the overflow problem. It is recommended to use strlcpy, strtol, atoi and so on for parsing; in particular, do not use %s in the sscanf format parameter.
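The replacement recommended in items 2 and 3 (read with fgets, then parse with strtol), as an added example that is not from the original page. The helper name read_long, its return codes and the 16-byte buffer are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: read one line from fp and parse it as a decimal long.
 * Returns 0 on success, -1 on EOF/read error, -2 if the line did not fit
 * into the buffer, -3 if the text is not a valid in-range number. */
int read_long(FILE *fp, long *out)
{
    char buf[16];          /* fgets writes at most sizeof(buf)-1 bytes + '\0' */
    char *end;
    size_t len;
    long v;

    if (fp == NULL || out == NULL || fgets(buf, sizeof(buf), fp) == NULL)
        return -1;

    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';               /* complete line: strip newline */
    } else if (!feof(fp)) {
        int c;                             /* line longer than the buffer: */
        while ((c = fgetc(fp)) != EOF && c != '\n')
            ;                              /* discard the rest, then reject */
        return -2;
    }

    errno = 0;
    v = strtol(buf, &end, 10);
    if (end == buf || *end != '\0' || errno == ERANGE)
        return -3;                         /* empty, trailing junk, overflow */
    *out = v;
    return 0;
}

int main(void)
{
    long v;
    int rc = read_long(stdin, &v);

    if (rc == 0)
        printf("value = %ld\n", v);
    else
        printf("rejected (%d)\n", rc);
    return rc == 0 ? 0 : 1;
}
```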
4. sprintf is dangerous; its use is prohibited. int sprintf(char *__restrict __s, const char *__restrict __format, ...); if s is smaller than the string to be written, the write goes past the end of s, causing a memory overflow.
Use int snprintf(char *str, size_t size, const char *format, ...), with size equal to the size of str. For example, with char str[5] and size=5, str[0]-str[3] store the formatted string and str[4] stores '\0'; if size=6, a memory overflow is reported; if size=4, there is no error, but one character fewer is stored and the '\0' is placed at str[3]. The snprintf function is a more secure version of the sprintf function: it prevents string overflow by taking the number of bytes in the target string into account. The prototype is: int snprintf(char *restrict buf, size_t n, const char *restrict format, ...);. It copies at most n-1 characters from the source string to the target string and then appends a 0. So if the size of the target string is n, it will not overflow.
The role of size is to limit the write to str to no more than size bytes (including the terminating '\0'). Since the sprintf() function returns the number of bytes (characters) successfully written, I had always assumed that the snprintf() function is the same, that is, that snprintf() does not return integers greater than size. Look at the following section of the manual: "The functions snprintf() and vsnprintf() do not write more than size bytes (including the trailing '\0'). If the output was truncated due to this limit then the return value is the number of characters (not including the trailing '\0') which would have been written to the final string if enough space had been available. Thus, a return value of size or more means that the output was truncated." In other words, if the output is truncated because of the size limit, the return value is the number of characters (excluding the '\0') that would have been written had there been enough space, which is equal to or larger than size. For example, if the string to be written is "0123456789ABCDEF" (16 characters) but the size limit is 10, the return value of snprintf() will be 16 instead of 10. As the manual also says, a return value equal to or greater than size means the output string was truncated.
5. vsprintf is dangerous; its use is prohibited. Use int vsnprintf(char *str, size_t size, const char *format, va_list ap) instead.
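The return-value rule from items 4 and 5, as an added example that is not from the original page: a wrapper around vsnprintf that reports truncation instead of silently accepting a shortened string. The name format_checked and its return codes are assumptions made for this illustration; main replays the page's case of 16 characters into a size-10 buffer.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wrapper: format into dst (capacity dst_size).
 * Returns 0 if everything fit, 1 if the output was truncated, -1 on error.
 * *needed receives the length the full string would have had. */
int format_checked(char *dst, size_t dst_size, size_t *needed,
                   const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dst_size == 0 || fmt == NULL)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, dst_size, fmt, ap);   /* never writes > dst_size bytes */
    va_end(ap);

    if (n < 0)
        return -1;                           /* output error */
    if (needed != NULL)
        *needed = (size_t)n;
    return ((size_t)n >= dst_size) ? 1 : 0;  /* n >= size means truncated */
}

int main(void)
{
    char buf[10];
    size_t needed = 0;
    int rc = format_checked(buf, sizeof(buf), &needed, "%s",
                            "0123456789ABCDEF");

    printf("rc=%d needed=%zu stored=\"%s\" (%zu chars)\n",
           rc, needed, buf, strlen(buf));
    return 0;
}
```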

6. strcpy is dangerous; its use is prohibited. char *strcpy(char *__restrict __dest, const char *__restrict __src) gives no guarantee that the size of dest is greater than the size of src; if it is exceeded, this is dangerous. char *strncpy(char *__restrict __dest, const char *__restrict __src, size_t __n) specifies the length to copy from src, and if the length of src is greater than n, the dest string will not end with 0. strncpy is hazardous and its use is restricted; strlcpy is recommended. strncpy cannot guarantee that the last character is '\0', so other code is required to set the string terminator '\0'. Use size_t strlcpy(char *dest, const char *src, size_t size); the strlcpy function guarantees that the last byte is '\0' and does not write out of bounds. It is not implemented in the standard C library, but there are implementations in the SWOS library and in uclibc. Note in particular that the last parameter of strlcpy is the size of the target buffer, sizeof(dest), not strlen(src).

7. strcat is dangerous; its use is prohibited. char *strcat(char *__restrict __dest, const char *__restrict __src)
If the combined length of src and dest exceeds the size of dest, an overflow occurs. char *strncat(char *__restrict __dest, const char *__restrict __src, size_t __n): if the content of dest plus n bytes of src is greater than the space of dest, it will not end with 0.
Use char *strlcat(char *dest, const char *src, size_t n); the strlcat function guarantees that the last byte is '\0' and does not go out of bounds. The function is not implemented in the standard C library, but there are implementations in the SWOS library and in uclibc. Note in particular that the last parameter of strlcat is the size of the target buffer, sizeof(dest), not strlen(src).
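The behaviour described in items 6 and 7, as an added example that is not from the original page. bounded_copy and bounded_cat are hypothetical stand-ins written here with strlcpy/strlcat semantics for C libraries that lack those functions; they are not the SWOS or uclibc implementations.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins with strlcpy/strlcat semantics for C libraries
 * that lack them. size is the full size of dst, i.e. sizeof(dst). */
size_t bounded_copy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';                  /* always terminated */
    }
    return srclen;                      /* >= size means truncated */
}

size_t bounded_cat(char *dst, const char *src, size_t size)
{
    size_t dstlen = 0;

    while (dstlen < size && dst[dstlen] != '\0')
        dstlen++;                       /* never scan past the buffer */
    if (dstlen == size)
        return size + strlen(src);      /* dst unterminated: leave as is */
    return dstlen + bounded_copy(dst + dstlen, src, size - dstlen);
}

int main(void)
{
    char a[8], b[8] = "ab";
    size_t want;

    memset(a, 'X', sizeof(a));
    strncpy(a, "0123456789", sizeof(a));    /* fills all 8 bytes, no '\0' */
    printf("strncpy terminated: %d\n", memchr(a, '\0', sizeof(a)) != NULL);

    want = bounded_cat(b, "cdefghij", sizeof(b));
    printf("bounded_cat: \"%s\" truncated: %d\n", b, want >= sizeof(b));
    return 0;
}
```

A return value greater than or equal to the size passed in means the result was truncated, which is the same check as for snprintf.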

8. strdup is hazardous; use it with care. char *strdup(const char *__s); the pointer returned by strdup must be released by calling free. The strdup function mallocs a block of memory and returns it; the caller has to free it, which is easy to forget and results in memory leaks.

#include <stdlib.h>
#include <string.h>

char *
__strdup (const char *s)
{
    size_t len = strlen (s) + 1;   /* include the terminating '\0' */
    void *new = malloc (len);      /* the caller owns this block and must free() it */

    if (new == NULL)
        return NULL;

    return (char *) memcpy (new, s, len);
}
9. bcopy is dangerous; its use is prohibited. It is recommended to use memcpy or strlcpy instead.

10. system is dangerous; its use is prohibited. Use swsyscmd or call C library functions directly. The system function needs to inherit the environment space of the current process; the larger the current process, the more space is required, and when there is not enough memory the system command will not be executed.
Items requiring special attention:
A. For memcpy, memset, strlcpy and strlcat, make sure that the size you pass in does not exceed the size of the destination buffer.
B. Almost all C library functions do not check for null pointers, so we need to make sure that the pointers we pass in as parameters are not NULL.
C. The str family of functions can only handle text data that has a string terminator. Encryption, digital signatures and similar operations produce non-text data, which cannot be processed with the str family of functions; use the mem family of functions instead.