[email protected] (Paul Gilmartin) writes: > You have, in the past, deprecated "nanny languages", those which > enforce compile time or run time validity constraints. Yet Wheeler is > praising Pascal for so protecting against security breaches. > > It's as easy in C as in assembler to check for buffer overrun (and > easier in both cases not to check; damn the consequences). C > provides safer versions for many standard library functions: > > o instead of strcpy(), strncpy() > o instead of strcat(), strncat() > o instead of strcmp(), strncmp() > o instead of sprintf(), snprintf() > o instead of gets(), fgets()
re: http://www.garlic.com/~lynn/2013i.html#42 Theology question: Parameter formats it isn't just that the oldtime standard never bothered to check that from string length exceeded target buffer typical C buffer is string array and programmer has to manually manage that buffer length (aka the value used for length). other languages would do the equivalent of the strn functions w/o the programmer manually having to specify the length. there are additional addons for C that track the target buffer lengths to eliminate the numerous *mistakes* ... even with strn operators (since the values have to be filled in). -- virtualization experience starting Jan1968, online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
