Re: Hi I have some hopefully basic questions

From: Attila Feher (attila.feher_at_lmf.ericsson.se)
Date: 10/05/04


Date: Tue, 5 Oct 2004 14:41:59 +0300

Alwyn wrote:
> In article <aGP5vIMyUjYBFwND@robinton.demon.co.uk>, Francis Glassborow
> <francis@robinton.demon.co.uk> wrote:
>>
>> And the C Standards committee is currently working on a Technical
>> Report to add a whole bunch of functions to enable safer programming.
>
> One just hopes compiler vendors will embrace them in a timely manner.
> So far, very few, if any, have adopted all the features of C99.

Actually one well known[TM] compiler vendor suggested those changes, based
on existing implementation. If my memory does not fail.

>> For the record gets() is a major source of buffer overrun exploits.
>
> I'm sure it is, but I'm also pretty sure it's not the only one.
> However, the point is taken that 100% safe usage of 'gets' is
> impossible, as one has no way of knowning what the size of the input
> is going to be.

And just quietly: any overflow can result in buffer overruns. For example
when ptrdiff_t is used for indexing structures, and it happens to become
negative...

--
Attila aka WW