Re: Hi I have some hopefully basic questions
From: Attila Feher (attila.feher_at_lmf.ericsson.se)
Date: Tue, 5 Oct 2004 14:41:59 +0300
> In article <aGP5vIMyUjYBFwND@robinton.demon.co.uk>, Francis Glassborow
> <firstname.lastname@example.org> wrote:
>> And the C Standards committee is currently working on a Technical
>> Report to add a whole bunch of functions to enable safer programming.
> One just hopes compiler vendors will embrace them in a timely manner.
> So far, very few, if any, have adopted all the features of C99.
Actually one well known[TM] compiler vendor suggested those changes, based
on existing implementation. If my memory does not fail.
>> For the record gets() is a major source of buffer overrun exploits.
> I'm sure it is, but I'm also pretty sure it's not the only one.
> However, the point is taken that 100% safe usage of 'gets' is
> impossible, as one has no way of knowing what the size of the input
> is going to be.
And just quietly: any overflow can result in buffer overruns. For example
when ptrdiff_t is used for indexing structures, and it happens to become
-- Attila aka WW
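
The point about gets() in the thread above, shown as an added example that is not part of the original posts: a line reader where the caller states the buffer size, so an overlong line is cut off and reported instead of overrunning the buffer. The names read_line, line_status, demo and demo_buf are hypothetical, and the inputs are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TRUNCATED, LINE_EOF, LINE_BAD_ARG };

/* Read one line into buf; cap is the full size of buf, including the NUL.
 * gets() has no such parameter, which is why it cannot be used safely. */
enum line_status read_line(FILE *in, char *buf, size_t cap)
{
    if (in == NULL || buf == NULL || cap < 2 || cap > INT_MAX)
        return LINE_BAD_ARG;
    if (fgets(buf, (int)cap, in) == NULL) {
        buf[0] = '\0';
        return LINE_EOF;                 /* end of input or read error */
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';             /* whole line fitted, drop newline */
        return LINE_OK;
    }
    /* No newline stored: discard the rest of the line so the next call
     * starts on a fresh line, and report whether data was lost. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? LINE_TRUNCATED : LINE_OK;
}

static char demo_buf[8];                 /* constructed: deliberately small */

/* Feed constructed text through a temporary file into read_line. */
enum line_status demo(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return LINE_BAD_ARG;
    fputs(text, f);
    rewind(f);
    enum line_status st = read_line(f, demo_buf, sizeof demo_buf);
    fclose(f);
    return st;
}

int main(void)
{
    enum line_status st = demo("AAAAAAAAAAAAAAAAAAAAAAAA\n");
    printf("status=%d kept=\"%s\"\n", (int)st, demo_buf);
    return 0;
}
```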