Re: Is this C style function well written and thread safe?
On 2007-09-18 00:47:44 -0400, Old Wolf <oldwolf@inspire.net.nz> said:
On Sep 18, 12:20 pm, Pete Becker <p...@versatilecoding.com> wrote:
Because it's exactly the kind of thinking that leads to exploitable
errors. If you're worried about exploits, don't assume that code you
haven't seen or tested is correct.
Are you suggesting that one should never use any
library functions provided by a compiler vendor,
in case they have bugs? Do you give the same advice
to purchasers of Dinkumware?
No, you're making that up. I asked you what the basis is for your
distinction between standard library code (which sometimes has bugs)
and other code in the context of exploitable buffer overruns that you
brought into this discussion. You were unwilling to accept user-written
code that is fairly straightforward and easily tested, preferring an
elaborate protective mechanism, but were completely sanguine about the
standard library implementation, without regard to its origin or
quality, or the complexity (and, hence, likelihood of errors) of the
function you recommended using. That logic has a gaping hole, one that
you are apparently unwilling to address.
Seems fairly extreme to me; there's no way to access
I/O resources without using the functions provided
by someone else. Testing can only reveal so much;
e.g. who knows if some filesystem functions will fail
under a certain extreme condition that is difficult
to test for?
Err, where did file systems come into this discussion? As I recall, you
recommended snprintf as the solution to buffer overruns.
--
Pete
Roundhouse Consulting, Ltd. (www.versatilecoding.com) Author of "The
Standard C++ Library Extensions: a Tutorial and Reference"
(www.petebecker.com/tr1book)
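As an added example (not code from the thread or from either poster), the two approaches the posts contrast side by side: a straightforward hand-written bounded append that is small enough to test exhaustively, and a snprintf-based version whose return value must be checked, since snprintf reports the length the full output would have had rather than how much was written.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hand-written bounded append: copies as much of src as fits, always
 * leaves dst NUL-terminated, and reports whether anything was cut off.
 * Returns 1 on success, 0 on truncation (or if dst has no room at all). */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    size_t used, avail, n;
    if (dst_size == 0)
        return 0;
    /* Find the current end without trusting dst to be terminated. */
    for (used = 0; used < dst_size && dst[used] != '\0'; used++)
        ;
    if (used == dst_size) {            /* unterminated: repair and refuse */
        dst[dst_size - 1] = '\0';
        return 0;
    }
    avail = dst_size - used - 1;       /* bytes left, minus the NUL */
    n = strlen(src);
    if (n > avail) {
        memcpy(dst + used, src, avail);
        dst[used + avail] = '\0';
        return 0;
    }
    memcpy(dst + used, src, n + 1);    /* includes src's NUL */
    return 1;
}

/* snprintf-based equivalent. snprintf never writes past dst_size, but a
 * return value >= dst_size means the output was truncated; callers that
 * ignore it (or add it to an offset) are the usual source of trouble. */
int format_bounded(char *dst, size_t dst_size, const char *prefix, const char *src)
{
    int n;
    if (dst_size == 0)
        return 0;
    n = snprintf(dst, dst_size, "%s%s", prefix, src);
    return n >= 0 && (size_t)n < dst_size;
}
```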