Vulnerabilities Introduced by Strings in C

C has been in heavy use for decades. It is a lightweight language with a small footprint, but it also has many security pitfalls. Programmers who move to C after working with high-level languages such as Java and Python may assume that C performs the basic safety checks those languages provide. A simple example: C lets you write past the defined length of an array, where Java would throw an array-index-out-of-bounds exception.

This article addresses issues specific to strings. In C, a string is not a built-in data type but a sequence of characters terminated by a null character '\0'. Nothing prevents you from accessing memory past the terminator, or even past the array's last index. For example, the following code will compile and run without complaint:



The value read is not even guaranteed to be the same across runs. The above image shows the output of the same piece of code executed twice: s[6] is readable, yet it does not return the same value each time, because that byte lies outside the string and whatever happens to be there is returned.
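The following program is an added example, not the article's own listing. It shows the defensive counterpart to the out-of-bounds read described above: a length function that never scans beyond the buffer it was given (the same idea as POSIX `strnlen`), and a checked accessor that refuses to return anything at or beyond the terminator instead of handing back garbage. The function names `bounded_length` and `get_char_checked` are this example's own.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example (not the article's own code). The string "hello" occupies
 * six bytes: the five letters plus the '\0' terminator. Any index >= 6 reads
 * memory the string does not own, which is exactly the read the article
 * shows returning different values on each run. */

/* Length of s, but never scanning past bufsize bytes (like POSIX strnlen).
 * The bufsize cap protects against buffers that were never terminated. */
static size_t bounded_length(const char *s, size_t bufsize) {
    size_t n = 0;
    while (n < bufsize && s[n] != '\0')
        n++;
    return n;
}

/* Checked character fetch: stores s[idx] in *out and returns 0 only when idx
 * lies inside the terminated string; returns -1 for the terminator and any
 * index beyond it, so the caller can never observe an out-of-bounds byte. */
int get_char_checked(const char *s, size_t bufsize, size_t idx, char *out) {
    size_t len = bounded_length(s, bufsize);
    if (idx >= len)
        return -1;            /* refuse the read instead of returning garbage */
    *out = s[idx];
    return 0;
}

int main(void) {
    char s[] = "hello";       /* sizeof s == 6, including the terminator */
    char c;
    size_t i;
    for (i = 0; i < 8; i++) {
        if (get_char_checked(s, sizeof s, i, &c) == 0)
            printf("s[%zu] = '%c'\n", i, c);
        else
            printf("s[%zu] is out of bounds (string length %zu)\n",
                   i, bounded_length(s, sizeof s));
    }
    return 0;
}
```

Passing `sizeof s` rather than `strlen(s)` as the bound is the important detail: `strlen` itself walks until it finds a '\0', so on an unterminated buffer it performs the very over-read the article warns about, whereas the bounded version stops at the buffer's real size.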