Re: My own fuction: Access Violation error...

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I saw the warning about strtok having security issues, but I cannot see where this could
occur, because there are no copies being done. I have read the source code in the
\src\src directory and see no way this could cause a security threat; it appears that
someone blindly pasted the same warning in every str function, whether it made sense or
not.
joe
On Wed, 12 Mar 2008 11:08:28 +0100, "Giovanni Dicanio" <giovanni.dicanio@xxxxxxxxxxx>
wrote:


"Blue Streak" <rdlebreton@xxxxxxxxxxx> ha scritto nel messaggio
news:839f1b64-d4e8-469e-a86e-d005133cf094@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Cannot be helped, old application uses char* all over the place and
I'm not re-writing the *whole* program.

OK, you do want to use char*.

However, I would really suggest to use a robust string class, and avoid
strtok (which has several problems, like exposing code to buffer overruns
attacks, etc.).

You may consider this code for splitting a string into substrings (and I
used std::string, so it is compatible with your need of char *):

<code>

typedef std::vector< std::string > StringList;

//
// Split a string into substrings using delimiters.
//
void Split(
StringList & substrings, // [out]
const std::string & s, // [in]
const std::string & delimiters )// [in]
{
// Clear output parameter
substrings.clear();

//
// Each token in input string is delimited by two "pointers":
// 'begin' and 'end'.
// These "pointers" (indexes in string) are updated during
// string splitting, they are moved scanning input string.
//

// Skip delimiters at beginning (if any)
string::size_type begin = s.find_first_not_of( delimiters, 0 );

// Find first non-delimiter
string::size_type end = s.find_first_of( delimiters, begin );

// Splitting loop
while (end != string::npos || begin != string::npos)
{
// Found a token: add it to the substring vector
substrings.push_back( s.substr( begin, end - begin ) );

// Skip delimiters
begin = s.find_first_not_of( delimiters, end );

// Find next non-delimiter
end = s.find_first_of( delimiters, begin );
}
}

</code>

You can use the Split function like this:

<code>

void TestSplit()
{
std::string input = "Jim Joe Jeff John";
StringList names;
Split( names, input, " ");

// Print substrings
int count = (int)names.size();
for ( int i = 0; i < count; i++ )
{
std::cout << names[i].c_str() << std::endl;
}
}

</code>

HTH,
Giovanni


Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
.

Relevant Pages

  • Re: reading a file
    ... Although it will make some regulars groan, you could use strtok() to ... break the line into substrings. ... strtokmodifies its input string (replacing ... statsLine array; they are not distinct string instances themselves. ...
    (comp.lang.c)
  • Re: reading a file
    ... Although it will make some regulars groan, you could use strtok() to ... break the line into substrings. ... strtokmodifies its input string (replacing ... statsLine array; they are not distinct string instances themselves. ...
    (comp.lang.c)
  • Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
    ... probably a content-type/file association/command string handling problem. ... padding and added IO checking of a very secure app. ... secure programming language or framework. ... hyperventalating over the security of your own code will ever make it ...
    (Full-Disclosure)
  • Re: WSE 3.0, usernameOverTransportSecurity, custom Token Manager w/ securityTokenManager,
    ... I've added the web service call directly to my Data binding method ... expected but not present in the security header of the incoming ... the username token to the message. ... protected override string AuthenticateToken(UsernameToken token) ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: java.util.Deflater (+Inflater) mit eigenem Dictionary
    ... davon werden jetzt quadratisch wieder Substrings gesucht. ... Strings zu jedem String nur die Anzahlen der Superstrings vergleichen, ... Erstellt einen neuen Eintrag. ... Entry(String text, Entry left, Entry right) { ...
    (de.comp.lang.java)