Buffer Overruns other C Gotchas -- "Coders at Work"

  • Thread starter Casey Hawthorne
  • Start date
K

Kenny McCormack

Keith "Kiki" Thompson said:
Did you notice that the original article begins with "I thought of
this question", and then doesn't ask a question?

The word "question" has a broader and deeper meaning (in English or any
other languguage) than simple "high school exam" level Q&A. I.e., not
all uses of the word correspond to the simplistic notion
(Q: "What is 2+2?" A:"4") that appeals to the regs of this ng.

Think of it this way: The general question facing C programmers today is
well known, but it doesn't fit the above model. The general question is
"Can C survive? - in the modern computing world - in the face of
competition from obviously safer languages" (with the subtext of "Can I
continue to earn my keep doing it?")

That's what I took to be the implied question in the OP's mind. It was
not necessary for him to state it explicitly.
 
J

jacob navia

(e-mail address removed) a écrit :
For the gazillionth time, a *potential* buffer overrun is specified.
Any code that would trigger that buffer overrun is *incorrect*.


Strangely enough, all the shouting I've done at my TV set hasn't
improved the quality of the shows, either.


The range is specified by the code that you keep insisting is broken.
However, the latest draft (N1401) now spells it out explicitly (and more
restrictively):

If any of the fields of the broken-down time contain values that
are outside their normal ranges, the behavior of the asctime
function is undefined. Likewise, if the calculated year exceeds
four digits or is less than the year 1000, the behavior is
undefined.

Well, this is REALLY A GOOD NEWS!!!!!

I did not see any announcements for N1401 in comp.std.c, so I wasn't aware of its
existence. I am REALLY glad the committee has at last changed and that
all this discussions weren't just wasted time. I was getting REALLY depressed.

Thanks a lot to you for this great news.

You'll be happy to know that the committee just voted (unanimously, as
it turns out) to remove gets() from the draft as well.


YES!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


This is at last some real progress.
So what are you going to complain about now?

Dam!!!

I lost my best complaining points!

:)
 
K

Keith Thompson

Seebs said:
Perhaps true now. It's not totally obvious to me that this was true of,
say, C99 -- there, I don't see anything wrong with a year 10K.

I believe it is. A year 10K causes the behavior of the algorithm
presented in the standard to be undefined. C99 is IMHO insufficiently
explicit about this, but I see no ambiguity.

Woohoo!
 
L

lawrence.jones

Keith Thompson said:
Actually, it says "the behavior of asctime function is undefined";
there's a missing "the", at least in my PDF copy.

Oops. At least I spelled "September" correctly this time. :)

Thanks for the correction.
 
S

Seebs

I don't think so. Nilges goes back well over a decade.

They don't seem very similar to me. I don't particularly agree with Kenny's
premises, but he is coherent if you grant them for the sake of argument.

-s
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,900
Latest member
Nell636132

Latest Threads

Top