What is the difference between char in a function and outside a function?

Question

Ive got 2 example codes, one is safe against buffer overflows even compiled with gcc -fno-stack-protector -fno-pie -m32 save.c -o save

Code of safe program:

#include <stdio.h>

char check[16];

int main(int argc, char **argv) {
    printf("Enter a string: ");
    gets(check);
    printf("%s\n", check);
    printf("Accepted.\n");

}

Code of unsafe (vulnerable) program:

#include <stdio.h>

int main(int argc, char **argv) {
    char check[16];
    printf("Enter a string: ");
    gets(check);
    printf("%s\n", check);
    printf("Accepted.\n");

}

Why is the char outside the program "safe"? (in my case)

Neither programs are safe, because `gets` is an unsafe function. — Pablo, Nov 20 '19 at 18:31
Please, make an effort to fix your spelling mistakes. You wrote "save" instead of "safe" several times. It makes it very hard to read. — Michele Dorigatti, Nov 20 '19 at 18:32
@MicheleDorigatti They're not a native English speaker, give them a break. — Barmar, Nov 20 '19 at 18:32
Why do you think there's a difference in terms of the safety? — Barmar, Nov 20 '19 at 18:33
`gets` is a [dangerous](https://stackoverflow.com/questions/1694036/why-is-the-gets-function-so-dangerous-that-it-should-not-be-used) function that have been removed from the C specification. — Some programmer dude, Nov 20 '19 at 18:34
@Barmar because overflowing the buffer doesnt work in the first case. And sorry for my writing mistakes. — BitFriends, Nov 20 '19 at 18:35
@Someprogrammerdude I posted that comment earlier, but I believe he's using it deliberately to cause a buffer overflow. — Barmar, Nov 20 '19 at 18:35
@BitFriends What do you mean "doesn't work"? It causes undefined behavior, so anything can happen. It might appear to work, it might cause a segmentation error, something else could happen. — Barmar, Nov 20 '19 at 18:36
@Barmar the first one exited completely clean even with overflowing the check char. I ran it with ```strace``` and ```gdb```. Nothing. — BitFriends, Nov 20 '19 at 18:38
@BitFriends Undefined behavior doesn't always cause an error. — Barmar, Nov 20 '19 at 18:38
@Barmar that could be possible. Bunt im just wondering, why those 2 programs acting so "much" different — BitFriends, Nov 20 '19 at 18:40
Because smashing the stack is different from smashing the data segment. — Barmar, Nov 20 '19 at 18:40
It's really unclear what you're asking. The arrays in the two versions are susceptible to overflow by gets() so both are unsafe. Voting to close. — machine_1, Nov 20 '19 at 18:41

tadman · Accepted Answer · 2019-11-20T18:34:18.953

1

In the first case you're declaring a global variable. This is generally a bad habit to get into for a multitude of reasons, many of which you'll discover over time, so it's best to never do that unless you have no other option.

The second case makes it local to main().

Even better is to make a function that performs the get-assign operation and returns char*.

It's worth noting that in both cases nothing about this program is safe as you're using a comically tiny buffer (16 bytes!) and never use a function that's buffer-length limited. gets is one of the worst to use. Consider something else, anything else, even scanf('%15s', &check).

Moving the buffer from one location to another doesn't make it any safer. The problem is with the buffer and how it's used.

edited Nov 20 '19 at 18:34

answered Nov 20 '19 at 18:31

tadman

208,517
23
234
262

2

You're answering the question in the title, not the question in the text. – Barmar Nov 20 '19 at 18:32
2

@Barmar This question is like an onion with layers, apparently. – tadman Nov 20 '19 at 18:33
@Barmar: "Question body" or simply "body" is more descriptive than "text" in this case. – machine_1 Nov 20 '19 at 18:50

What is the difference between char in a function and outside a function?

1 Answers1