getline() vs. fgets(): Control memory allocation

My question is: Isn’t that dangerous? What if by accident or malicious intent someone creates a 100GB file with no ‘\n’ byte in it – won’t that make my getline() call allocate an insane amount of memory?

Yes, what you describe is a plausible risk. However,

  • if the program requires loading an entire line into memory at once, then allowing getline() to attempt to do that is not inherently more risky than writing your own code to do it with fgets(); and
  • if you have a program that has such a vulnerability, then you can mitigate the risk by using setrlimit() to limit the total amount of (virtual) memory it can reserve. This can be used to cause it to fail instead of successfully allocating enough memory to interfere with the rest of the system.

Best overall, I’d argue, is to write code that does not require input in units of full lines (all at once) in the first place, but such an approach has its own complexities.

Related Posts:

  1. What does WEXITSTATUS(status) return?
  2. waitpid, wnohang, wuntraced. How do I use these
  3. The difference between n++ and ++n at the end of a while loop? (ANSI C)
  4. Working on code to calculate cosine with factorial sum
  5. warning: implicit declaration of function
  6. Two questions about basic C programs
  7. What exactly is the difference between “pass by reference” in C and in C++?
  8. What does “collect2: error: ld returned 1 exit status” mean?
  9. How to convert an int to string in C?
  10. Floating point exception (core dumped)
  11. what is the difference between uint16_t and unsigned short int incase of 64 bit processor?
  12. Correct format specifier for double in printf
  13. How to convert a string to integer in C?
  14. What is the behavior of integer division?
  15. Awesomium sdk download
  16. What is EOF in the C programming language?
  17. Bad File Descriptor with Linux Socket write() Bad File Descriptor C
  18. What is the difference between char s[] and char *s?
  19. warning: assignment makes integer from pointer without a cast
  20. munmap_chunk(): invalid pointer
  21. printf() formatting for hexadecimal
  22. The importance of c enumeration (typedef enum) [duplicate]
  23. Error “initializer element is not constant” when trying to initialize variable with const
  24. Cannot assign requested address – possible causes?
  25. need help understanding the movzbl call in this function
  26. What is the difference between read and pread in unix?
  27. What does “control reaches end of non-void function” mean?
  28. connect Error: “No route to host”
  29. Undefined reference to pow( ) in C, despite including math.h [duplicate]
  30. C programming, error: called object is not a function or function pointer
  31. How to convert an int to string in C?
  32. warning: implicit declaration of function
  33. Process finished with exit code 11 | Error during malloc [duplicate]
  34. How does wait(NULL) exactly work?
  35. C dynamically growing array
  36. How to replicate vector in c?
  37. Why do I get an assertion failure?
  38. Difference between int32, int, int32_t, int8 and int8_t
  39. C compile error: “Variable-sized object may not be initialized”
  40. Difference between a Structure and a Union
  41. Xcode – Warning: Implicit declaration of function is invalid in C99
  42. Error: control may reach end of non-void function in C
  43. C language: float % float why expression must have integral type
  44. Reading \r (carriage return) vs \n (newline) from console with getc?
  45. lvalue required as left operand of assignment
  46. how to convert negative hexadecimal to decimal
  47. Invalid pointer error on invoking free() after malloc in C
  48. Why am I getting “undefined reference to sqrt” error even though I inclu de math.h header?
  49. How to initialize a struct in accordance with C programming language standards
  50. Expression preceding parentheses?
  51. Linux equivalent of I_PUSH
  52. In C, how should I read a text file and print all strings
  53. Understanding INADDR_ANY for socket programming
  54. What does “Size in TCHARs” means?
  55. The Definitive C Book Guide and List[
  56. When is it a good idea to use strdup (vs malloc / strcpy)
  57. return makes integer from pointer without a cast [-Wint-conversion] return candidate
  58. expression must have integral type
  59. Math constant PI value in C
  60. Why is %c used in C?
  61. How can I use an array of function pointers?
  62. What is Innermost loop in imperfectly nested loops?
  63. What’s wrong with my code? What is argv[1]?
  64. What can cause a “Resource temporarily unavailable” on sock send() command
  65. When and why to use malloc?
  66. How to solve error: expected identifier or ‘(‘
  67. C compile error: Id returned 1 exit status
  68. How do I concatenate const/literal strings in C?
  69. Efficient way to find task_struct by pid
  70. Why am I getting this memory access error ‘double free or corruption’?
  71. size of struct in C
  72. Split string with delimiters in C
  73. How to pause in C?
  74. (.text+0x20): undefined reference to `main’ and undefined reference to function
  75. Why am I getting this error: “data definition has no type or storage class”?
  76. I’m getting “Invalid Initializer”, what am I doing wrong?
  77. How can one print a size_t variable portably using the printf family?
  78. How to make sense of modulo in c
  79. Error: initializer element is not computable at load time
  80. “No such file or directory” error in CodeBlocks
  81. warning: passing argument ’from incompatible pointer type [enabled by default]’
  82. Return a `struct` from a function in C
  83. Uninitialized value was created by a heap allocation
  84. Makefile:1: *** missing separator. Stop
  85. Scanning Multiple inputs from one line using scanf
  86. xorl %eax – Instruction set architecture in IA-32
  87. Which of sprintf/snprintf is more secure?
  88. PTHREAD_MUTEX_INITIALIZER vs pthread_mutex_init ( &mutex, param)
  89. How to concatenate string and int in C?
  90. execvp: bad address error
  91. How detect malloc failure?
  92. A Simple, 2d cross-platform graphics library for c or c++?
  93. Removing last character in C
  94. Dereference void pointer
  95. Use of flag in c?
  96. Carriage return in C?
  97. fgetc(stdin) in a loop is producing strange behaviour
  98. Difference between “while” loop and “do while” loop
  99. Swapping 2 Bytes of Integer
  100. GDB no such file or directory

Leave a Comment