Use a String Object to Read Input Safely

Use a String Object to Read Input Safely

One of the common sources for bugs and security risks is using a fixed size char array as a buffer for inputting data. For example:

 char buff[20];cout > buff; // what if user inserts 25 characters?

The problem is that if the user enters a string that has more than 19 characters, a buffer overflow will occur, as the program attempts to write past the end of the array. To avoid such potential bugs, always use a string object instead of a char array:

 string buff;cout > buff; 

A string object automatically allocates memory as necessary. Therefore, a buffer overflow can’t happen in this case.


Share the Post: