Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Lapse416yI think it's ok the way it is, because it's teaching the basics to beginner developers, so even if it isn't safe or perfect as long as it teaches them variables and scanf it's fine by me. Making a "better" version would probably result in more complicated code that beginners wouldn't understand and just copy-paste
-
@Lapse I guess to a degree but why teach scanf in the first place? It's litterally unsafe to use all of the time. And how much harder is printf("%s", name) ? They won't ever write format string vulnerabilities if they are never exposed to it. Honestly if an entire generation of programmers thinks that you MUST pass a hardcoded format string, I really don't think it will become much of an issue.
-
AVGVSTVS1366y@deadPix3l how the hell would that print(array) compile? I am referring to you distinguishing between that and printf("%s", array)..
-
@AVGVSTVS are you simply referring to my inability to add the 'f' in printf()? I fixed it.
Or is there another compilation issue I'm overlooking? Looks good to me. -
AVGVSTVS1366y@deadPix3l I was confused by pseudo-code like argument of print (omitting format specifier thing) together with the typo
-
@AVGVSTVS honestly it's been far too long since I've written real C code so it may be a bit inacurrate.
If you are confused why I left out the "%s" (which is what I interpreted from your response), this is a real thing junior devs are taught, it does compile properly, it interprets the user input as a format string, and is the source of an entire class of very dangerous bugs. My point is we should stop teaching it.
Which makes me want to do more C now. I should. But my life recently has been a lot of python and x86.
Bot which exploits textbook code. Make the world safer, one junior Dev at a time.
Bot which exploits textbook code. Make the world safer, one junior Dev at a time.