On 23/07/2009, at 4:25 PM, Alexander Bokovikov wrote:

> I can understand it when viruses send something illegal to a webserver which has flaws in the request processing routine, but in my case it's an internal function, which, of course, should check the buffer size, but how could it be accessible to a virus?


If it checks the buffer size and the string size, it should be OK. Not all dialects of C have historically supported sizeof() for stack-based buffers but I think all modern ones do. My warning was of a very general nature, and may not apply to your app. But every time you declare buffer space as a stack array, you should mentally consider whether a buffer exploit might be possible there.

--Graham
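
Added example, not part of the original message or of either poster's code: a size-checked copy into a stack array using sizeof, plus the case where sizeof stops reporting the array size because the array has decayed to a pointer. The function names and the 16-byte buffer are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst only if it fits, terminator included.
   Returns 0 on success, -1 if src is too long (dst is left empty). */
static int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {      /* no room for len bytes plus '\0' */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Hypothetical internal function: stages caller-supplied text in a
   stack array. Returns the staged length, or -1 if input was rejected. */
static int stage_name(const char *input)
{
    char buf[16];               /* stack array: sizeof buf is 16 here */
    if (copy_checked(buf, sizeof buf, input) != 0)
        return -1;
    return (int)strlen(buf);
}

/* Pitfall: once the array is passed to a function it is a pointer, so
   sizeof gives the pointer size, not the caller's buffer size.
   This is why copy_checked takes the size as an explicit argument. */
static size_t size_seen_by_callee(char *buf)
{
    return sizeof buf;          /* sizeof(char *), not 16 */
}

int main(void)
{
    char buf[16];
    printf("fits:     %d\n", stage_name("short"));
    printf("too long: %d\n", stage_name("this string is longer than 16 bytes"));
    printf("sizeof in scope: %zu, in callee: %zu\n",
           sizeof buf, size_seen_by_callee(buf));
    return 0;
}
```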

_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
