Is this C style function well written and thread safe?

Pete Becker

Why is that scary?

Because it's exactly the kind of thinking that leads to exploitable
errors. If you're worried about exploits, don't assume that code you
haven't seen or tested is correct.
 
Old Wolf

Because it's exactly the kind of thinking that leads to exploitable
errors. If you're worried about exploits, don't assume that code you
haven't seen or tested is correct.

Are you suggesting that one should never use any
library functions provided by a compiler vendor,
in case they have bugs? Do you give the same advice
to purchasers of Dinkumware?

Seems fairly extreme to me; there's no way to access
I/O resources without using the functions provided
by someone else. Testing can only reveal so much;
e.g. who knows if some filesystem functions will fail
under a certain extreme condition that is difficult
to test for?
 
Pete Becker

Are you suggesting that one should never use any
library functions provided by a compiler vendor,
in case they have bugs? Do you give the same advice
to purchasers of Dinkumware?

No, you're making that up. I asked you what the basis is for your
distinction between standard library code (which sometimes has bugs)
and other code in the context of exploitable buffer overruns that you
brought into this discussion. You were unwilling to accept user-written
code that is fairly straightforward and easily tested, preferring an
elaborate protective mechanism, but were completely sanguine about the
standard library implementation, without regard to its origin or
quality, or the complexity (and, hence, likelihood of errors) of the
function you recommended using. That logic has a gaping hole, one that
you are apparently unwilling to address.

Seems fairly extreme to me; there's no way to access
I/O resources without using the functions provided
by someone else. Testing can only reveal so much;
e.g. who knows if some filesystem functions will fail
under a certain extreme condition that is difficult
to test for?

Err, where did file systems come into this discussion? As I recall, you
recommended snprintf as the solution to buffer overruns.
 
