1

Possible Duplicate:
segmentation fault using scanf

I am trying to run a C program wherein I accept password from the user and then output it. However, when I run the program I get a message called "Segmentation Fault (core dumped)". I know that this fault occurs where the array seems to exceed the stack size but I am unable to figure out where I am wrong. Any help is appreciated. The code is as follows:

int main(int argc, char *argv[])
{
    int i = 0;
    char *password, *key;

int keylength = 256;

    printf("\nPlease enter a password: ");
    scanf(" %[^\n]", &password);
    printf("Entered password is: %s", password);
    return 0;
}
Community
  • 1
  • 1
TheRookierLearner
  • 3,643
  • 8
  • 35
  • 53

3 Answers3

7

You're not allocating any memory for password. It's just an uninitialized pointer. In C you always need to make sure that your pointers point to a valid allocated memory buffer before using them. Using an uninitialized pointer causes undefined behavior, which usually results in crashes.

Allocate memory for password by either (1) declaring password as a stack array:

char password[1024];

or (2), allocate a memory buffer using malloc:

char *password = malloc(1024);

If you use malloc, remember that anything you allocate with malloc must be deallocated with a corresponding call to free.

Also, in the code you posted, when you pass your buffer to scanf, you're taking the address of the pointer itself when you say &password. What you want to do is simply pass the pointer (which is a memory address referring to your allocated buffer), like:

scanf(" %[^\n]", password);

Notice there is no & before password. You don't need it because password is a pointer. Placing the & before password means you're passing a pointer to a pointer, which is not what you want.

Finally, be aware that when programming in C, buffer overflows are a constant danger. scanf does not do anything to prevent the user of your program from entering more data than can fit in the buffer. If this happens, a buffer overflow occurs and your program will exhibit undefined behavior (and probably crash). There are safer ways to take string input from a user, such as fgets.

Charles Salvia
  • 52,325
  • 13
  • 128
  • 140
  • I like this one. Maybe you could write about the problems we get from the fact that password is fixed length and a user of the program might enter an arbitrary amount of bytes? (I _am_ aware that this is a beginners question. And thats why it's important that you mention it) – Jonas Schäfer Jan 24 '13 at 17:45
2

password is an unitialized pointer. He cannot hold any string. Attempt to write into this variable leads to an undefined behavior. Here are two solutions:

char password[SIZE];

/* or */

char *password = malloc(size);
md5
  • 23,373
  • 3
  • 44
  • 93
1

You have created the pointer password, but you never initialized it.

This means the pointer contains a random value, whatever happened to be on the stack in this case. When you dereference the pointer, you are trying to access memory at that random address. This will never be what you want, and is very likely to cause problems such as segmentation faults.

Jonathan Wood
  • 65,341
  • 71
  • 269
  • 466