Re: Comparing string input to enum data type
- From: Yevgen Muntyan <muntyan.removethis@xxxxxxxx>
- Date: Wed, 28 Feb 2007 21:39:42 GMT
Keith Thompson wrote:
> "Bill Pursell" <bill.pursell@xxxxxxxxx> writes:
>> On Feb 27, 10:17 pm, Keith Thompson <k...@xxxxxxx> wrote:
>>> "Bill Pursell" <bill.purs...@xxxxxxxxx> writes:
>>>>     if( 0 == strncmp("red", a, sizeof "red") )
>>>>         c = red;
>>>>     else if ...
>>> Why not just strcmp("red", a)?
>> Just a general tendency to refrain from using
>> strcmp. In this case, since one of the strings is
>> fixed, there's no security issue with strcmp (until
>> the code maintainer modifies the code...),
>> but I believe it's a good habit to use the strncmp
>> variant.
> strcmp() is a security problem only if one of the arguments isn't a
> null-terminated string. I'd be more afraid of getting the strncmp()
> arguments wrong than of passing bad values to strcmp().
Absolutely. I have actually seen code like

    if (strncmp (foo, "blah", 4) == 0)

which was *meant* to compare foo to "blah" (i.e. do what strcmp()
does). And the form used here is totally bad, since it breaks
if the string literal is replaced with a pointer or an array which
isn't exactly "red".

    strncmp ("red", foo, strlen ("red") + 1)

would be safer, but then if foo is not zero-terminated, it could
as well go outside foo, so the safer would be

    strncmp ("red", foo, MAX (strlen ("red") + 1, max_len_of_foo))

which is totally ridiculous.

Yevgen
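
Added example, not part of the original post or thread: the two strncmp() pitfalls discussed above, next to one way to do an exact, length-bounded comparison when mapping input to an enum. The `COLOR_*` names, the function names and the "ultramarine" string are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum color { COLOR_NONE, COLOR_RED, COLOR_GREEN, COLOR_BLUE };

/* Pitfall 1: n == strlen("blah") tests only a prefix, so "blahblah" matches. */
int prefix_only_equal(const char *foo)
{
    return strncmp(foo, "blah", 4) == 0;
}

/* Pitfall 2: once the literal becomes a pointer, sizeof gives the pointer
 * size (4 or 8), so only the first few characters are compared. */
int sizeof_pointer_equal(const char *a)
{
    const char *name = "ultramarine";   /* constructed name, longer than a pointer */
    size_t n = sizeof name;             /* NOT strlen(name) + 1 */
    return strncmp(name, a, n) == 0;
}

/* Exact match against a buffer that may lack a terminator; reads at most
 * buf_len bytes of buf. An unterminated buffer counts as buf_len characters. */
static int bounded_equal(const char *buf, size_t buf_len, const char *name)
{
    const char *nul = memchr(buf, '\0', buf_len);
    size_t len = nul ? (size_t)(nul - buf) : buf_len;
    return len == strlen(name) && memcmp(buf, name, len) == 0;
}

enum color color_from_input(const char *buf, size_t buf_len)
{
    static const struct { const char *name; enum color value; } table[] = {
        { "red", COLOR_RED }, { "green", COLOR_GREEN }, { "blue", COLOR_BLUE },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (bounded_equal(buf, buf_len, table[i].name))
            return table[i].value;
    return COLOR_NONE;
}

int main(void)
{
    char raw[3] = { 'r', 'e', 'd' };    /* constructed input, no terminator */
    printf("%d %d %d\n", prefix_only_equal("blahblah"),
           color_from_input(raw, sizeof raw), color_from_input("redder", 7));
    return 0;
}
```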