On Sep 16, 2005, at 4:55 PM, memsom wrote:

It's great that 2.0 is out!  Unfortunately it seems to break some
code I used for Porter Stemming because the code sometimes reads data
from a PChar at negative indexes.  Reportedly this works fine in
Delphi 5 and I don't seem to have trouble with Delphi 7 but it
generates RTEs using fpc 2.0.  (If this is a FAQ, forgive me, I've
been away from Free Pascal for a while...)


Reading PChars at negative indexes? Buffer underrun in other words... This
is absolutely not a good thing. If FPC is preventing buffer under and
overruns, then it is actually right, for once, and Delphi is wrong,
wrong, wrong!

A question... how do you know the memory at the negative index is valid?
Various factors (memory management, record alignment and poor consistency
in long-term projects) can alter what you are reading drastically. Even if
you *believe* you know what it is. This is the kind of horror story I see
sometimes in legacy code that makes me wonder how the darn thing _ever_
worked all these years. You ask the guy maintaining it and he goes all
mystical - "It just works, but no one remembers why.. we dare not change
it because last time somebody did anything to it the entire project A/V'd
every 30 seconds and died in a puff of green smoke."

M

This is very interesting. I've always wondered if anyone did this on purpose, and I've always wondered what the big deal is with just adding array range checking to C. A company with tons of internal software development, and whose existence is made miserable by buffer under/over flows, could surely pull this off. And surely it wouldn't break _that_ much code. For example, Microsoft could change the compilers that they use internally, and any programmers found to be depending on the persistence of memory "next to" an array would be taken out and shot.

I'm sure someone will respond, telling me why this would be a bad idea or impossible, but that's my two cents worth.

Lance

_______________________________________________
fpc-pascal maillist  -  fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
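The lookback memsom is warning about, as an added example in C rather than Pascal (it is not code from this thread, from the Porter stemmer, or from Free Pascal): a Porter-style "ends in consonant-vowel-consonant" test that looks at the two characters before position k. ends_cvc_unchecked does what a raw PChar index does and reads below the buffer when k < 2; ends_cvc_checked routes every read through a bounds check and reports the short prefix instead, which is the run-time behaviour range checking buys. The function names, the simplified vowel rule (Porter's special case for 'y' is omitted) and the sample words are my own.

```c
/* Added example for this thread; it is not code from the list, from the
 * Porter stemmer, or from Free Pascal. It models the lookback a stemmer
 * does ("what are the two characters before position k?") and shows the
 * unchecked read beside a bounds-checked one. The vowel rule is a
 * simplification (Porter's special case for 'y' is omitted). */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { CVC_NO = 0, CVC_YES = 1, CVC_OUT_OF_RANGE = -1 } cvc_result;

/* Simplified vowel test; '\0' is never a vowel (strchr would match it). */
static bool is_vowel(char c)
{
    return c != '\0' && strchr("aeiou", c) != NULL;
}

/* Porter's CVC shape: consonant, vowel, consonant, last one not w/x/y. */
static cvc_result classify(char c2, char c1, char c0)
{
    if (!is_vowel(c0) && is_vowel(c1) && !is_vowel(c2) &&
        c0 != 'w' && c0 != 'x' && c0 != 'y') {
        return CVC_YES;
    }
    return CVC_NO;
}

/* Bounds-checked read: succeeds only for 0 <= idx < len. This is the
 * check a range-checked build performs on every indexed access. */
static bool checked_char_at(const char *buf, size_t len, long idx, char *out)
{
    if (idx < 0 || (size_t)idx >= len) {
        return false;
    }
    *out = buf[idx];
    return true;
}

/* Unchecked: plain pointer arithmetic, which is what indexing a PChar
 * compiles to. For k < 2 it reads word[k-2] below the start of the
 * buffer: the underrun in the thread. Only call it with 2 <= k < strlen. */
cvc_result ends_cvc_unchecked(const char *word, long k)
{
    return classify(word[k - 2], word[k - 1], word[k]);
}

/* Checked: same test, every read validated; a short prefix (or k past
 * the end) yields CVC_OUT_OF_RANGE instead of a read outside the buffer. */
cvc_result ends_cvc_checked(const char *word, long k)
{
    size_t len = strlen(word);
    char c0, c1, c2;
    if (!checked_char_at(word, len, k, &c0) ||
        !checked_char_at(word, len, k - 1, &c1) ||
        !checked_char_at(word, len, k - 2, &c2)) {
        return CVC_OUT_OF_RANGE;
    }
    return classify(c2, c1, c0);
}

int main(void)
{
    /* Constructed inputs: "it" is the short-prefix case where the
     * unchecked version would read word[-1]. */
    const char *words[] = { "hop", "how", "it" };
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++) {
        long k = (long)strlen(words[i]) - 1;
        printf("%-4s k=%ld checked=%d\n", words[i], k,
               (int)ends_cvc_checked(words[i], k));
    }
    return 0;
}
```

Build with cc -Wall -o cvc cvc.c. The point of the comparison is that ends_cvc_unchecked compiles cleanly and, for k >= 2, returns the same answers as the checked version; nothing at compile time distinguishes the safe calls from the one that walks off the front of the buffer. Only a check at the access site (here explicit, in a range-checked build generated by the compiler) turns the silent underrun into a reported error.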
