Several ideas about C/C ++

Source: Internet
Author: User

I have been familiar with this language for several years since I learned the C language. I dare not say how proficient I am. This article will explain several problems I have encountered in the past.

1. Understand the security risks of C language.

First, let's look at a simple example.

 

int nData = 50;char szBuf[20]; memset(szBuf,0,20);strcpy(szBuf,(const char*)&nData);

Our common strcpy functions are generally used to copy strings, but here we copy an integer, resulting in unpredictable results, and suddenly think of another function for copying memcpy. It can copy any type of memory read/write blocks. Let's take an example.

char szBuf[20]; memset(szBuf,0,20);char szSrc[] = "zhouxuguang,hello world!";memcpy(szBuf,szSrc,strlen(szSrc));

In the above Code, szbuf only has 20 bytes of memory space in total. However, szsrc occupies more than 20 bytes of memory space, which may cause a buffer overflow until the program crashes. Therefore, C-language functions generally do not check parameters. The purpose of doing so is to maintain high efficiency, but it also brings security risks, as long as we notice this in programming.

2. Traps brought by Data Types

In programming, many people may only focus on algorithm and process control, and seldom focus on the traps set for you by data types. If I become an IT company interviewer one day, I may give the applicant the following questions.

Use the C language library function strlen to write a function to compare the length of two strings. The function prototype is bool strcompare (char * szone, char * Another );. The applicant may say, ah, aren't you playing with me? Should I write such a simple function? Let's not talk about this much. Let's take a look at several answers first.

The first answer:

bool strCompare(char* szOne,char* anOther){return strlen(szOne)-strlen(anOther) >= 0;}

The second answer:

bool strCompare(char* szOne,char* anOther){return strlen(szOne) >= strlen(anOther);}

Third answer:

bool strCompare(char* szOne,char* anOther){assert((NULL != szOne) && (NULL != anOther));return strlen(szOne) >= strlen(anOther);}

After reading the above three answers, which one is right, which one is wrong, or all have problems?

Is it easy to write it out? I want to ask, are you sure there are no errors?

First, let's get to know a data type, size_t. This data type should not be unfamiliar. It has been seen in many C language library functions and STL. It is actually an unsigned int under Win32. After talking about the nonsense for a long time, why isn't it important? Don't worry. Let's take a look at what strlen's return type is, just size_t. Suppose strlen (szone) is better than strlen (another ), the result of subtraction is a negative number in mathematics. However, unsigned cannot represent a negative number. The final result is a large number, which is equal to 0. Therefore, this function is used to return true.

Then the second function will not produce such a problem. Although it has been improved, the parameter is not checked. If one of the added parameters is null, the program will crash.

Therefore, the third function checks the parameters based on the second function.

3. Use pre-closed and post-open for loop as much as possible

In programming languages, for loops are widely used. Most of the algorithms are written with for loops. Some people may think that the for loop is useless, but it is not that easy to understand. Let's look at an example.

long sumArr(int* arr,unsigned nCount){long sum = 0;for (unsigned i = 0; i <= nCount-1; i++){sum += arr[i];}return sum;}

The above code has any problems. If you don't take a closer look, you can't see any problems. First of all, it is certain that there is a problem with the array and function computed above. First, when ncount is 0, then in the for loop I <= nCount-1 is always true, Why, look at the second point I analyzed above. The unsigned maximum value is obtained after the unsigned number is 0 minus 1, leading to illegal access to the array arr and program crash. Then the modification method can change ncount to int type, you can also change I <= nCount-1 to I <= ncount. Therefore, we recommend that you use the pre-closed and post-open intervals.

I have written so much today and will update this article later.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.