Is it good idea to pass uninitialized variable to srand?

前端未结

关注

 5  2107

醉梦人生 2021-01-20 02:19

Is it good idea to pass uninitialized variable to srand instead of result of time(NULL)?
It is one #include and one function call

5条回答

忘掉有多难 (楼主)

2021-01-20 02:33

Another point is that uninitialized variables can result in a vulnerability. So it is not only bad design and undefined behaviour, it also can make your program exploitable.

Consider this code:

#include 
#include 

void print_uninitialized(void) {
    unsigned var;
    printf("%u\n", var);
}

void fake_init() {
    unsigned var=42;
}

int main(void) {
    print_uninitialized();
    fake_init();
    print_uninitialized();
}

Possible output:

0
42

The next example is a bit more realistic:

#include 

unsigned uninitialized( void ) {
    unsigned var;
    return var;
}

unsigned square(unsigned arg){
    unsigned result=arg*arg;
    return result;
}

int main( void ) {
    unsigned to_square;
    printf("UNINITIALIZED = %u\n", uninitialized());
    while(scanf("%u", &to_square)!=EOF){
        printf("%u * %u = %u\n", to_square, to_square, square(to_square));
        printf("UNITNITIALIZED = %u\n", uninitialized());
    }
}

The uninitialized variable can be modified by a user.

Input:

Output:

UNINITIALIZED = 0
2 * 2 = 4
UNITNITIALIZED = 4

0 讨论(0)

查看其它5个回答