Re: Hi I have some hopefully basic questions
From: Attila Feher (attila.feher_at_lmf.ericsson.se)
Date: 10/05/04
- Next message: Attila Feher: "Re: heap question"
- Previous message: Alwyn: "Re: heap question"
- In reply to: Alwyn: "Re: Hi I have some hopefully basic questions"
- Next in thread: Chris \( Val \): "Re: Hi I have some hopefully basic questions"
Date: Tue, 5 Oct 2004 14:41:59 +0300
Alwyn wrote:
> In article <aGP5vIMyUjYBFwND@robinton.demon.co.uk>, Francis Glassborow
> <francis@robinton.demon.co.uk> wrote:
>>
>> And the C Standards committee is currently working on a Technical
>> Report to add a whole bunch of functions to enable safer programming.
>
> One just hopes compiler vendors will embrace them in a timely manner.
> So far, very few, if any, have adopted all the features of C99.
Actually one well known[TM] compiler vendor suggested those changes, based
on existing implementation. If my memory does not fail.
>> For the record gets() is a major source of buffer overrun exploits.
>
> I'm sure it is, but I'm also pretty sure it's not the only one.
> However, the point is taken that 100% safe usage of 'gets' is
> impossible, as one has no way of knowing what the size of the input
> is going to be.
And just quietly: any overflow can result in buffer overruns. For example
when ptrdiff_t is used for indexing structures, and it happens to become
negative...
-- Attila aka WW
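The two hazards raised in this message, the unbounded read of gets() and a signed index that overflows or goes negative, sketched in C as an added example that is not part of the original post or written by anyone in the thread. The helper names read_line, offset_add and checked_at are hypothetical, and the 16-byte buffer in main is a constructed size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example; helper names are hypothetical. Bounded stand-in for gets():
 * the caller states the buffer size. Returns 0 = whole line stored,
 * 1 = truncated (rest of line discarded), -1 = EOF, read error or cap < 2. */
int read_line(FILE *in, char *buf, int cap)
{
    if (cap < 2 || fgets(buf, cap, in) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 0;
    }
    if (n + 1 < (size_t)cap)
        return 0;                 /* final line without a newline */
    int c, extra = 0;             /* buffer full: drain the rest of the line */
    while ((c = fgetc(in)) != '\n' && c != EOF)
        extra = 1;
    return extra;
}

/* a + b for signed offsets, refusing any sum that would overflow. */
int offset_add(ptrdiff_t a, ptrdiff_t b, ptrdiff_t *out)
{
    if ((b > 0 && a > PTRDIFF_MAX - b) || (b < 0 && a < PTRDIFF_MIN - b))
        return -1;
    *out = a + b;
    return 0;
}

/* Element lookup that rejects negative and past-the-end indexes. */
const int *checked_at(const int *base, size_t count, ptrdiff_t idx)
{
    if (idx < 0 || (size_t)idx >= count)
        return NULL;
    return base + idx;
}

int main(void)
{
    char line[16];                /* constructed size for the demo */
    for (int rc; (rc = read_line(stdin, line, sizeof line)) >= 0;)
        printf("%s%s\n", line, rc ? " [truncated]" : "");
    return 0;
}
```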