here is my simple test:
where is my mistake??
#include "ruby.h"
#include "stdio.h"
static VALUE
tests(){
char *s1="a ";
char *s2=" b";
char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}
--
Posted via http://www.ruby-forum.com/.
Um, you realize you're writing right into a random memory location? If
you're not an experienced C programmer, you may want to reconsider your
project to write a Ruby extension.
On 5/1/07, Haoqi Haoqi <axgle@126.com> wrote:
here is my simple test:
where is my mistake??#include "ruby.h"
#include "stdio.h"
static VALUE
tests(){
char *s1="a ";
char *s2=" b";
char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}
In article <9d71df8a63af2a669698ea94c2a5111c@ruby-forum.com> Haoqi
Haoqi <axgle@126.com> wrote:
here is my simple test:
where is my mistake??#include "ruby.h"
#include "stdio.h"
static VALUE
tests(){
char *s1="a ";
char *s2=" b";
char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}
I guess your problem is that buf is an uninitialized pointer pointing to an
arbitrary memory location. If you declare it like this
char buf[200]
your program should work.
--
I'm trying a new usenet client for Mac, Nemo OS X.
You can download it at http://www.malcom-mac.com/nemo
Right about here.
"buf" is a pointer.
Where, exactly, do you think it points? Have you told the compiler to point
it AT anything?
-s
In message <9d71df8a63af2a669698ea94c2a5111c@ruby-forum.com>, Haoqi Haoqi writes:
here is my simple test:
where is my mistake??
#include "ruby.h"
#include "stdio.h"
static VALUE
tests(){
char *s1="a ";
char *s2=" b";
char *buf;
sprintf(buf,"%s after %s",s1,s2);
You have to be very careful when working with c. The code above has a
couple of classic security vulnerabilities.
Since you are not dealing with user-controlled buffers, it's not that big of
a deal, but here's a couple tips:
1) in general, don't use sprintf. use snprintf().
char * s1 = "a ";
char * s2 = "b ";
char buf[1024];
snprintf(buf,sizeof(buf),"%s after %s",s1,s2);
2) always use a string literal as the format string to functions which take
them ( printf() , snprintf() , etc... ):
printf("%s",buf);
If you're interested in what can be done if these errors are made, check out
these papers:
http://doc.bughunter.net/buffer-overflow/smash-stack.html
http://doc.bughunter.net/format-string/exploit-fs.html
-Adam
On 5/1/07, Haoqi Haoqi <axgle@126.com> wrote:
here is my simple test:
where is my mistake??#include "ruby.h"
#include "stdio.h"
static VALUE
tests(){
char *s1="a ";
char *s2=" b";
char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}
Francis Cianfrocca wrote:
On 5/1/07, Haoqi Haoqi <axgle@126.com> wrote:
char *buf;
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}Um, you realize you're writing right into a random memory location? If
you're not an experienced C programmer, you may want to reconsider your
project to write a Ruby extension.
I am not an experienced C programmer,and just learn to write a Ruby
extension with c.
--
Posted via http://www.ruby-forum.com/\.
Maik Schmidt wrote:
In article <9d71df8a63af2a669698ea94c2a5111c@ruby-forum.com> Haoqi
sprintf(buf,"%s after %s",s1,s2);
printf(buf);
return Qnil;
}
void Init_hello(){
rb_define_global_function("tests",tests,0);
}I guess your problem is that buf is an uninitialized pointer pointing to
an
arbitrary memory location. If you declare it like this
char buf[200]
your program should work.
Oh,Yes,Thank you very much!~
C:\ext\1>ruby client.rb
a after b
You have to be very careful when working with c. The code above has a
couple of classic security vulnerabilities.
Have there been any studies on the security implications of using Ruby?
Thanks for the links Adam.
On 5/1/07, Adam Bozanich <adam.boz@gmail.com> wrote:
On 5/1/07, Haoqi Haoqi <axgle@126.com> wrote:
>
> here is my simple test:
> where is my mistake??
>
> #include "ruby.h"
> #include "stdio.h"
> static VALUE
> tests(){
> char *s1="a ";
> char *s2=" b";
> char *buf;
> sprintf(buf,"%s after %s",s1,s2);
> printf(buf);
> return Qnil;
> }
> void Init_hello(){
> rb_define_global_function("tests",tests,0);
> }You have to be very careful when working with c. The code above has a
couple of classic security vulnerabilities.Since you are not dealing with user-controlled buffers, it's not that big of
a deal, but here's a couple tips:1) in general, don't use sprintf. use snprintf().
char * s1 = "a ";
char * s2 = "b ";
char buf[1024];
snprintf(buf,sizeof(buf),"%s after %s",s1,s2);2) always use a string literal as the format string to functions which take
them ( printf() , snprintf() , etc... ):printf("%s",buf);
If you're interested in what can be done if these errors are made, check out
these papers:http://doc.bughunter.net/buffer-overflow/smash-stack.html
http://doc.bughunter.net/format-string/exploit-fs.html
--
gnufied
Don't.
I consider myself a reasonably experienced C programmer, and I'd still
want to be sure I was brushed up and current before trying to write an
extension plugin. Even in a well-planned environment, writing plugins
is on the heavy-duty end.
Seriously, just don't. Hire someone. Write it in pure Ruby.
Or... Budget 3-6 months to learn C well enough to do it competently.
-s
In message <f025162e5afe1e9c3304d79581fc4f24@ruby-forum.com>, Haoqi Haoqi writes:
I am not an experienced C programmer,and just learn to write a Ruby
extension with c.
I'll disagree somewhat here. There are things C does much faster than Ruby
does. Application performance is not everything, but there are cases where
moving code to a C extension makes the difference between being able to use
ruby and not being able to.
Writing an extension in C is, to me, much easier than learning C by itself,
because there are a bunch of things that you can let ruby handle that are
just a pain in C (mainly I/O things).
On 5/1/07, Peter Seebach <seebs@seebs.net> wrote:
In message <f025162e5afe1e9c3304d79581fc4f24@ruby-forum.com>, Haoqi Haoqi > writes:
>I am not an experienced C programmer,and just learn to write a Ruby
>extension with c.Don't.
I consider myself a reasonably experienced C programmer, and I'd still
want to be sure I was brushed up and current before trying to write an
extension plugin. Even in a well-planned environment, writing plugins
is on the heavy-duty end.Seriously, just don't. Hire someone. Write it in pure Ruby.
Or... Budget 3-6 months to learn C well enough to do it competently.
-s