How To Keep Track Of Groups Of Items In Your Application And Help Protect It From Attacks
Vectors and lists have been around since programming languages began. They let you keep track of collections. That means if you want you program to be able to work with more than one thing, you’re going to need a collection. This thing could be numbers, or text, or your own classes. Whatever they are, a collection will help you to keep track of all of them. A game might need to keep track of all the inventory items a player has. A utility app might need to remember all the folders in your file system that it needs to process. And a word processor needs to manage all the pages and paragraphs you type.
When C++ was first getting started, it didn’t have vectors or lists. At least nothing that you could use right away. All the language gave you was arrays.
So what did a lot of developers do? They used what was built in. Arrays are easy to use. And they’re even easier to use wrong which usually ends up making your program an easy target for thieves.
Imagine you need to write a method in a game to read a bunch of locations where the game will put random rewards. The locations are just numbers to make it easy to describe.
This is before vectors and lists were available so you decide to use an array to hold the numbers instead of writing your own class to manage them. The big question is how many numbers do you need to read? With an array, you have to know how big it will be while you’re writing your code.
You do some quick calculations and figure that most games should only have 10 rewards. Nobody would build a game with more rewards because then the game would be too easy to win.
But just to be safe, you decide to double that amount and you write your code so it can handle 20 number items in the array.
Okay, now that you know what the limit is, the next question is how will you know how many numbers are in your array? You have a couple choices. You could either reserve some location value to be out of bounds so it should never be used or you could keep track of the count with another variable outside of the array.
The important thing to realize is that it doesn’t really matter. Both designs are unsafe. Because you’re writing code to work with well behaved input. In other words, your code works well with a game designed to be played.
Thieves and hackers aren’t interested in playing games. They quickly realize that all they need to do is create a game design with more than 20 reward locations and sit back and watch the fun. Maybe they do like games after all.
This is called a buffer overflow. Anytime an attacker can get your code to go beyond a fixed size collection, then your code will start writing values on top of memory that should be used for other things. Such as where your method goes when it finishes. Once an attacker gets this level of control, they can cause your application to do almost anything they want it to.
Sure you could avoid the buffer overflow by checking each time before you write one of the numbers to make sure there’s still room. This is extra code that would often get left out.
Many developers realized that fixed size arrays can be a bad idea so they started writing their own collections that could grow in size when needed. This is even more extra code that really has nothing to do with the purpose of your actual application. And it turns out to be hard to get it right.
That’s why having a reliable collection is so important. It lets you write code that’s safe and has fewer bugs. It becomes harder to write bad code.
When vector and list first appeared, they weren’t part of C++. They were included in a library called the Standard Template Library, or STL. But they were soon added and are now part of the C++ Standard Library. They’re still called STL containers.
Learning how to use them not only save you from having to write your own collections, but it makes your code familiar to other developers. They’re safe because they know when to grow in size automatically so you can’t overflow a fixed size.
This class will show you how to make use of vectors and lists in your code. You’ll learn how to declare them which will show you a little of how templates work too.
The focus is on vector and list and not on templates. But there’s no way to declare a vector or a list without at least a little bit of templates.
You see, a vector has to hold something. I mentioned it holding numbers in the example. But it could hold whatever type you want. It could be strings. Or your own class. Or even other vectors or lists. A template is what lets the C++ language adapt the vector and list code to work with all these different types.
Once you have your collection declared, you’ll need to be able to add things to it. And examine the contents. And find out how big it is.
You’ll learn about iterators that let you navigate from one item in the collection to another item.
And you’ll learn how to remove items and tell if a vector or list is empty.
And finally, you’ll learn when to use a vector and when to use a list. What are their strengths and weaknesses?