Bitdefender marked my code as virus???

Not even kidding.

Wow.

Just saying, this is not the first time I get a false positive like this, previously some China antivirus software marked my Python installation as some virus and quarantined it...but still, it is the very first time happening on my own code.

Compiled with a freshly installed GNU C Compiler for Windows, I don't see anything wrong with it - I mean, I really get false positives for software compiled with Tiny C Compiler, but that might be caused by the compiler itself being kinda old and buggy. The funny part? I have about 5 executables in that folder (they are created for a mini homework assignment), and only this got caught by Bitdefender.

Here's the source code of it - it's not even long. Probably one of the simplest stuff I can get throughout this semester...

#include <stdio.h>

int main() {
    char name[100];

    printf("Your name is: ");
    scanf("%s", name);

    printf("Hello %s.", name);
    return 0;
}

It somehow left me puzzled - how? Antivirus software sometimes loves to pick up their shotgun and cause some chaos but having such naive code causing a false positive is indeed interesting. The only difference between this piece of code and the remaining ones in that folder is that this code uses a scanf to get a string...

Oh, wait...

scanf to get a string

Probably that's the problem here.

---

C is a strange ass language. It is low level enough for you to point to memory locations and edit data directly at their locations - that's what scanf do. Gets your data, and pour it into the specified memory location. Does what it says. But.

The main problem about scanf is, it does not care if you are pouring in the right thing. It just does what it says - pours your input into the memory location. Here's the problem and we're going to visualize it - imagine that you have a trashcan beside your neighbour's house, and you tell a robot to dump 20 million tons of trash into it. Imagine what will happen and that is the exact same thing happening in your computer RAM if I happen to input a little too much data than what I have specified. It just flows out of the location and contaminates things around it.

If you have no idea what this will cause, it means that with certain knowledge of that software, I can overflow it correctly, and make it execute an instruction that is not programmed into it. There was a worm transmitted in this way (it uses gets, but that makes no difference). That's some old exploit present in older software, so probably Bitdefender wanted to keep me safe from them too. Since God knows what will happen if I actually managed to overflow it correctly.

Programming is really a strange thing. Alright, I admit that I should use safer methods such as fgets, but I'm just following the textbook.

:P

See you next time,

--Lilacse