Re: Would this be safe?

From: Anthony Borla (ajborla_at_bigpond.com)
Date: 03/29/05


Date: Tue, 29 Mar 2005 21:10:22 GMT


"Materialised" <Materialised@privacy.net> wrote in message
news:3atrj5F6dqekeU1@individual.net...
>
> I am new to the C++ world, after spending many years as a
> C programmer. I am attempting to convert a std::string to
> an array of characters (C string), to enable me to send the
> data via a socket. I realise that discussion of non-standard
> functions is off topic here, so for the purpose of this
> discussion, let's pretend that is not what I am trying to achieve.
>
> Coming from a C background, I have had it drilled into me
> to always try to avoid buffer overflows especially when dealing
> with arrays of characters. So with this in mind I ask the following
> question:
>

If the aim is to build reliable software [and there is no surreptitious or
secondary intent (perhaps malicious ?)] then they are to be avoided in any
language, on any platform, on any machine architecture.

Many languages provide runtime support for guarding against such
occurrences. Other languages, like C and also C++, do not, so it is up to the
programmer to assume a 'defensive posture', and code in such a way that
their possible occurrence is at least minimised, if not eliminated
altogether.

Simple steps that could be taken in furthering this aim:

* Initialise buffers, filling with 'known' [rather than random]
   values. For [sometimes alleged] performance reasons this is
   sometimes not done

* Use 'safe' library functions e.g. perhaps 'strncpy' rather than
   'strcpy'

* Perform 'double checks' when traversing buffers, perhaps
   checking for both a delimiter, and using a counter

* Wrap such calls up in another function which places [and
  checks for the breaching of] buffer boundary guards

Of course, most introductory programming courses will have at least
mentioned these steps - whether they are later heeded is another matter :) !

>
> Is the code below safe?
>
> #include <iostream>
> #include <cstdio>
> #include <cstring>   // std::strlen
> #include <string>
>
> int main()
> {
>     std::string hello, hello2;
>     hello = "This is a C++ String";
>
>     std::cout << hello << std::endl;
>     const char *cstring = hello.c_str();   // valid only while hello is unmodified
>     const std::size_t len = std::strlen(cstring);
>     for (std::size_t i = 0; i < len; i++) {
>         if (i == 7)
>             std::printf(" \nn\no\nt\n");
>         std::printf("%c\n", cstring[i]);
>     }
>
>     hello2 = cstring;
>     std::cout << hello2 << std::endl;
>
>     return 0;
> }
>

How about if you make an attempt at explaining what the above code is doing,
and post it? The feedback you receive about your explanation will then
provide you with a guide as to whether your understanding is correct or not.

I think you will find this approach to be a very effective, highly
beneficial, learning technique.

I hope this helps.

Anthony Borla
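The defensive steps listed in the reply, applied to the poster's task of copying a std::string into a fixed-size char buffer, as an added example (not code from either poster): a buffer with known initial contents, a counter-plus-delimiter traversal, a bounded copy that reports truncation, and a wrapper that surrounds the buffer with guard bytes and re-checks them after the callee returns. Two caveats the reply does not spell out are also shown: strncpy writes no terminator when the source is at least as long as the destination, and strlen(s.c_str()) stops at an embedded '\0' while s.size() does not. The names GuardedBuffer, fill_checked, copy_bounded and the guard layout are this example's own choices, and the sample strings are constructed for it.

```cpp
// Added example, not from the original post: the reply's defensive steps
// applied to copying a std::string into a fixed-size char buffer.
#include <cstring>
#include <iostream>
#include <string>

// Counter-and-delimiter traversal: stops at '\0' or at cap, whichever comes
// first, so an unterminated buffer is never read past its end.
std::size_t bounded_length(const char* p, std::size_t cap) {
    std::size_t n = 0;
    while (n < cap && p[n] != '\0') ++n;
    return n;
}

// strncpy caveat: if the source has cap or more bytes, strncpy writes no
// terminator. Returns whether the destination is a valid C string afterwards.
bool strncpy_leaves_terminator(const std::string& s, std::size_t cap) {
    char buf[32];
    if (cap > sizeof buf) cap = sizeof buf;
    std::memset(buf, 'X', sizeof buf);            // known initial contents
    std::strncpy(buf, s.c_str(), cap);
    return bounded_length(buf, cap) < cap;
}

// Bounded copy that always terminates and reports truncation. Uses s.size(),
// not strlen(s.c_str()), so bytes after an embedded '\0' are copied too.
bool copy_bounded(const std::string& s, char* dst, std::size_t cap) {
    if (cap == 0) return false;
    std::memset(dst, 0, cap);                     // known initial contents
    std::size_t n = s.size();
    bool fits = n < cap;                          // one byte for the terminator
    if (!fits) n = cap - 1;
    std::memcpy(dst, s.data(), n);
    dst[n] = '\0';
    return fits;
}

// Guarded buffer (this example's own layout): payload between two runs of
// guard bytes in one array, so a write past either end shows up on re-check.
const unsigned char kGuard = 0xA5;
const std::size_t kGuardLen = 8;
const std::size_t kPayloadLen = 32;

struct GuardedBuffer {
    unsigned char bytes[kGuardLen + kPayloadLen + kGuardLen];
    GuardedBuffer() {
        std::memset(bytes, kGuard, sizeof bytes);
        std::memset(payload(), 0, kPayloadLen);
    }
    char* payload() { return reinterpret_cast<char*>(bytes + kGuardLen); }
    bool guards_intact() const {
        for (std::size_t i = 0; i < kGuardLen; ++i)
            if (bytes[i] != kGuard || bytes[kGuardLen + kPayloadLen + i] != kGuard)
                return false;
        return true;
    }
};

// Wrapper: hands the payload and its capacity to a fill routine, then reports
// whether the routine stayed inside the boundary.
bool fill_checked(void (*fill)(char*, std::size_t), GuardedBuffer& g) {
    fill(g.payload(), kPayloadLen);
    return g.guards_intact();
}

// A fill routine that respects the capacity ...
void fill_safe(char* dst, std::size_t cap) {
    copy_bounded("This is a C++ String", dst, cap);
}
// ... and a strcpy that ignores it: 38 bytes with the terminator, six past the
// 32-byte payload, landing in the back guard (still inside the one array).
void fill_overrun(char* dst, std::size_t) {
    std::strcpy(dst, "This string is longer than the buffer");
}

bool safe_fill_passes_guard_check() {
    GuardedBuffer g;
    return fill_checked(fill_safe, g) &&
           std::strcmp(g.payload(), "This is a C++ String") == 0;
}
bool overrun_is_detected() {
    GuardedBuffer g;
    return !fill_checked(fill_overrun, g);
}
bool copy_bounded_keeps_embedded_nul() {
    std::string s("ab\0cd", 5);                   // constructed: 5 bytes, one NUL
    char buf[8];
    return copy_bounded(s, buf, sizeof buf) &&
           std::strlen(s.c_str()) == 2 &&         // strlen stops at the NUL ...
           std::memcmp(buf, "ab\0cd", 5) == 0;    // ... the bounded copy did not
}
bool truncation_is_reported() {
    char buf[4];
    return !copy_bounded("hello", buf, sizeof buf) && std::strcmp(buf, "hel") == 0;
}

int main() {
    std::cout << "safe fill ok: " << safe_fill_passes_guard_check()
              << "\noverrun detected: " << overrun_is_detected()
              << "\nembedded NUL kept: " << copy_bounded_keeps_embedded_nul()
              << "\ntruncation reported: " << truncation_is_reported()
              << "\nstrncpy 8 into 8 terminated: " << strncpy_leaves_terminator("abcdefgh", 8) << '\n';
}
```

The overrunning writer is kept inside the GuardedBuffer's single byte array on purpose, so the demonstration itself has defined behaviour; in real code the same strcpy would land in whatever happens to follow the buffer, which is exactly what the guard-and-check wrapper is there to catch. For the socket case, passing a pointer and s.size() to the send call avoids the C-string conversion altogether.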


