Re: why the usage of gets() is dangerous.



CBFalconer wrote:
Flash Gordon wrote:
....
So provide such an impossibility then you will have proved your
position.

So here is another. Imagine a routine to upshift a string. One
routine receives a char, and answers with 'this is lower case'.
Another receives a char, and answers by replacing it with the upper
case equivalent. Both are passed pointers.

Assuming the original data is a string, the calling routine will
pass something like:

p = &(s[3]); or p = s + 3; (p is parameter)

For the reading routine, there is no harm in allowing reads from (p
- n), where n can be 0 through 3. For the writing routine, this is
not allowable. How do we separate the actions?

Distinguishing readable from writable memory is what 'const' is for. Fat pointers are for bounds checking.

You don't indicate whether s is a pointer or an array. For simplicity, I'll assume that it's an array of N chars. Then when s decays into a pointer, that pointer's limits are set to s and s+N. When s+3 is evaluated, it inherits those same limits, and they are retained when that pointer value is stored in p. As a result, any attempt to calculate p+i for i<-3 or i>N-3 will trigger a failure mechanism. Any attempt to evaluate p[i] for i<-3 or i >= N-3 will trigger a failure mechanism, and that's true whether the access is for read or write.
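The bounds rule described in the reply above, modelled in plain C as an added example that is not part of the original thread. The names `fatptr`, `fat_decay`, `fat_add`, `fat_index`, `arith_ok` and `index_ok` are hypothetical, N is assumed to be 8, and a `false` return stands in for the failure mechanism.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical fat pointer: an address plus the limits of its parent object. */
typedef struct {
    char *ptr;    /* current address */
    char *base;   /* s: first byte of the parent object */
    char *limit;  /* s + N: one past the last byte */
} fatptr;

/* Array-to-pointer decay sets the limits to s and s + n. */
static fatptr fat_decay(char *s, size_t n) {
    return (fatptr){ s, s, s + n };
}

/* p + i inherits p's limits; false stands in for the failure mechanism. */
static bool fat_add(fatptr p, ptrdiff_t i, fatptr *out) {
    if (i < p.base - p.ptr || i > p.limit - p.ptr)  /* one past the end may be formed */
        return false;
    *out = p;
    out->ptr = p.ptr + i;
    return true;
}

/* p[i], read or write alike: the address must also lie before the limit. */
static bool fat_index(fatptr p, ptrdiff_t i, char **out) {
    fatptr q;
    if (!fat_add(p, i, &q) || q.ptr == q.limit)
        return false;
    *out = q.ptr;
    return true;
}

/* p = s + 3 as in the post; reports whether p + i may be calculated. */
bool arith_ok(ptrdiff_t i) {
    char s[8] = "abcdefg";  /* constructed sample, N = 8 */
    fatptr p, q;
    return fat_add(fat_decay(s, sizeof s), 3, &p) && fat_add(p, i, &q);
}

/* Same p; reports whether p[i] may be evaluated. */
bool index_ok(ptrdiff_t i) {
    char s[8] = "abcdefg";  /* constructed sample, N = 8 */
    fatptr p;
    char *c;
    return fat_add(fat_decay(s, sizeof s), 3, &p) && fat_index(p, i, &c);
}

int main(void) { return (arith_ok(5) && !index_ok(5)) ? 0 : 1; }
```

With N = 8, `p + 5` (that is, `s + N`) can be calculated but `p[5]` cannot be evaluated, which is the `i > N-3` versus `i >= N-3` difference in the reply.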