Output of a program

[sonu]

main()
{
char *ptr1,*ptr2;

ptr1=(char*)malloc(sizeof(ptr1));
gets(ptr1);

ptr2=(char*)malloc(sizeof(ptr2));
gets(ptr2);

printf("%s",ptr1);
printf("%s",ptr2);

}

suppose ptr1= aaa bbb ccc ddd eee fff ggg
&
ptr2=kkk


output is :-aaa bbb ccc & kkk

why its not printing complete the first string

Pls any one help me bcoz i need it Urgent

Thanks
sonu

 

[pemo]

main()
{
char *ptr1,*ptr2;

ptr1=(char*)malloc(sizeof(ptr1));
gets(ptr1);

ptr2=(char*)malloc(sizeof(ptr2));
gets(ptr2);

printf("%s",ptr1);
printf("%s",ptr2);

}

suppose ptr1= aaa bbb ccc ddd eee fff ggg
&
ptr2=kkk


output is :-aaa bbb ccc & kkk

why its not printing complete the first string

Pls any one help me bcoz i need it Urgent

You're allocating just enough memory to hold a character pointer, i.e.,
malloc(sizeof(ptr1)) is likely to be something like malloc(4).

If you now enter 'aaa bbb ccc ddd eee fff ggg' and use gets() to read that
into the memory you've allocated, you've over written stuff, and from that
point on, it's not possible to say what the program will do - it's
undefined.

So, you ought to be allocating more memory than you have - try something
like malloc(100), and then use fgets() to read your input lines.

Lastly, main() ought to be int main(void) in your case, you don't need to
cast malloc's return, you should free(ptr1) and ptr2 when you're done with
them, and you should add return 0; [or something like]. You should also
include both stdio.h and stdlib.h if you haven't.

 

[Vladimir S. Oka]

main()

int main(void)

is much better style.

{
char *ptr1,*ptr2;

ptr1=(char*)malloc(sizeof(ptr1));

You've just masked a bug. You did not include <stdlib.h>, and have cast
the return value of `malloc`. Without prototype (in <stdlib.h>) the
compiler has to assume `malloc` returns an `int`, which you then force
into a `char *`. *Never* cast the return value of `malloc`.

Aside from that, you allocate the space for `ptr1` the size of the
pointer to `char` on your implementation. Is this really what you
wanted? Probably not, as you then go on and input "aaa bbb ccc ddd eee
fff ggg" which is most likely much bigger.

Congratulations! You've just created a buffer overflow vulnerability.

gets(ptr1);

ptr2=(char*)malloc(sizeof(ptr2));

Exactly the same problems as above. You manage not to overflow your
buffer (assuming sizeof(char *) >= 4, which is reasonable on modern
hosted implementations), as you input "kkk", which is 4 bytes long
(remember that pesky terminating \0).

gets(ptr2);

printf("%s",ptr1);
printf("%s",ptr2);

Not terminating `printf` with `\n` (or doing `fflush(stdout)`) may
result in nothing at all being output (output is line buffered -- no
end of line, no output, maybe).

}

suppose ptr1= aaa bbb ccc ddd eee fff ggg
&
ptr2=kkk


output is :-aaa bbb ccc & kkk

why its not printing complete the first string

See comments above. BTW, I'm surprised you get the output you claim you
do.

Pls any one help me bcoz i need it Urgent

The only urgent things for you right now would be to go back to your C
text book.

Someone may be able/willing to help you further if you specify exactly
what the code above is supposed to achieve.

 

[sonu]

Thanx pemo

 

[Keith Thompson]

main()
{
char *ptr1,*ptr2;

ptr1=(char*)malloc(sizeof(ptr1));
gets(ptr1);

ptr2=(char*)malloc(sizeof(ptr2));
gets(ptr2);

printf("%s",ptr1);
printf("%s",ptr2);

} [...]
Pls any one help me bcoz i need it Urgent

A few things not yet mentioned in other responses:

Proper indentation is your friend, even for a small program like this
one. See any decent C textbook, or most of the code posted here, for
examples of proper indentation.

Please don't use silly abbreviations like "Pls" for "Please", or
"bcoz" for "because". They only make it more difficult to read what
you write, especially for readers whose native language isn't English.

And finally, never ever ever use gets(). Use fgets() instead.
(You'll need to deal with the '\n' character that fgets() stores in
the string, and with its behavior if the input line is longer than
your buffer.)

 

[Banfa]

And finally, never ever ever use gets(). Use fgets() instead.
(You'll need to deal with the '\n' character that fgets() stores in
the string, and with its behavior if the input line is longer than
your buffer.)

What is the reason that you should "never ever ever use gets(). Use
fgets()"?

 

[Richard Heathfield]

Banfa said:

What is the reason that you should "never ever ever use gets(). Use
fgets()"?

Because you tell fgets how long your buffer is, it can (and does) protect
your buffer against overflow.

You have no way to tell gets how long your buffer is.

 

[A. Sinan Unur]

What is the reason that you should "never ever ever use gets(). Use
fgets()"?

http://c-faq.com/stdio/getsvsfgets.html