after compiling the example ex17.c you are able to provide it with command line args such as
./ex17 db.dat l
if you enter a valid number (1-99) it returns results as expected. If you enter 100, it informs you there aren’t that many records (as expected). If you provide a sufficiently large number (100000000000000000000000000000000000000) the integers overflows, and the program will still return a list of the records.
How do we prevent this? we already check MAX_ROWS but that isn’t preventing this vulnerability