Without some code examples, it's not clear where the issue is. In particular, how are you getting your data? For example
char buff[10];
scanf("%s", buff);
will overflow your input buffer.
You can tell scanf how long your input buffer is though via
scanf("%9s", buff)
. That's OK, but its then hard to tell if there's any unread data in the input buffer. Better would be to do something like
int valid_date(const char *);
char buff[1024] = "";
while( ! valid_date(buff) )
{
printf("Enter valid date: ":
fgets(buff, 1024, stdin);
char *nl = strchr(buff, '\n');
if( *nl == NULL )
{
char tmp[1024];
do {
fgets(tmp, 1024, stdin)
} while( strchr(tmp, '\n') == NULL );
}
else {
*nl = '\0';
}
}
strcpy(date, buff);
You might also want to check for something like "quit", or "today" or maybe other possible responses, and handle appropriately. The important thing is that you only read a known number of characters from your input source, so you can't get a buffer overflow, and then check that the input is valid. A malicious actor then can't then use a buffer overflow to compromise your program.
Addendum:
Thinking about it, that inner do/while loop isn't strictly necessary, since the outer loop will read the whole input buffer, anyway. But the inner loop does reduce the number of calls to
valid_date()
, which might be expensive. It's almost certainly more expensive than
strchr()
which is probably implemented in efficient assembler (eg. AVX or similar), at least for optimized builds.