Run X right
Understand that C lets you do everything, and requires you to take responsibility for everything. This is both a positive and a negative point of language. She is close to Assembly. So just not "working" what has no way to work.
But working and being right are very different things, I live talking about it and almost nobody listens. In C is even more important. You have to know every detail of the language before you use it correctly. "I’ve heard it" doesn’t work well with C, you have to learn right.
Scanf()
First of all understand that scanf()
is something useful and in some applications it can be used smoothly, but the function is not used for more serious applications that need validation. Or is used only as part of a larger algorithm.
One of the problems is that you can type anything and it accepts. It has some means to control, but they are not always sufficient, and are almost always not used in simple examples. So it is easy to corrupt memory because the function writes up in not reserved location for the variable, after all C allows "all".
Using it too much in a simple example can give the idea that it is what will be used in real applications.
Declared variables
The two statements of variables work, but are wrong, they do not reserve space for the object string, that is to say, it does not have a memory location available for the character sequence it is intended to store. You only have a memory address for somewhere, but that place is not set and reserved. To better understand read What are and where are the "stack" and "heap"?.
The first declaration should make room for the string in stack, but the placeholder is 0. Either you would need to put the size to be reserved in the brackets, or you would have to put a string of characters of the desired size (the compiler counts how many are).
The second declaration should make room for the string in the heap (probably), but this was not even tried. The correct would be to call the function malloc()
requesting memory for the operating system (or the internal system) and returning the address of this placeholder.
The size value used will only hold memory, will not impose any limit on anything in C. If your code tries to write outside of this reserved area, it will work. But it will give you a huge problem, losing data, locking the application (if you’re lucky) or opening security gaps, since it’s not the right one.
Something like this works and is almost certain (it is not yet 100% safe code):
#include <stdio.h>
#include <stdlib.h>
int main() {
char TextoUm[10]; //note a mudança aqui
char *TextoDois = malloc(10); //note a mudança aqui
printf("Digite um nome para \"TextoUm\":\n");
scanf("%s", TextoUm);
printf("O texto digitado foi: %s", TextoUm);
printf("\nDigite um nome para \"TextoDois\":\n");
scanf("%s", TextoDois);
printf("O texto digitado foi: %s", TextoDois);
}
Behold working in the ideone. And in the repl it.. Also put on the Github for future reference.
As in his code nothing had been reserved in the heap he picked up a wrong address (where the ""
) and that address caused a memory error by not being able to write to it (it is a protected memory area).
Then you can use char
, but has to initialize correctly. The error is not scanf()
, he’s just the symptom that something was done wrong before.
In the array of char
it seems that it worked correctly, but only by coincidence and because it is an exercise, if it were a real application, it would be more problematic. It’s a worse mistake because it hasn’t been detected.
Completion
I take this opportunity to say that array looks like pointer but it’s not the same thing.
There are other points on the subject, but this cannot turn into a full tutorial. In fact I’ve already answered here on the site about all that you’re learning. Just search or look at my profile. Other people have answered as well. Examples:
Thank you very much for the excellent answer. I came to think that as the first
scanf
saved the string in the array, thescanf
automatically set/reset the allocation size for the string, based on the amount of characters it received from the user. Now I see that this is not so easy :). Nor did I suspect that hackers would exploit this buffer overflow, and that it is related to my problem withscanf
... thank you very much again.– Rogerio Souza