
Re[2]: Rep:Rep:Re: Rep:Re: [f-cpu] Stack handling



Wednesday, July 24, 2002, 7:21:47 PM, you wrote:

>> I might be missing the point here, but why can't we
>> just check the input of a program ? (like everybody
>> used to do in basic)
>> Is it so hard to check the size of something before
>> it's put into a buffer ?
> Ask a programmer. Most of them refuse to (or are not aware of the
> problem at all).

</lurk>

Personally I do error checking wherever possible. I think it's a lot
of fun to write error messages that will probably never be seen by a
human - but who cares. Some guys don't put that much effort into their
programs and are happy as soon as the program works within their
expected operational limits.

IMHO Zero terminated strings are the root of all evil. Explicit length
specification would require an additional parameter per passed string
(that seems to be a pain in the a** for some guys) but seems to be
getting more popular (at least in the newer functions in the Windows
API some functions require you to pass pointer to a string and the
length). That makes it far easier to check for buffer overflows
(but still needs extra code to be written, which most programmers tend
to avoid if possible). From that point of view it is indeed very hard
to check buffer sizes (at least in C)... however, I wouldn't encourage
that behaviour so don't let the CPU do things which the programmer
has to take care of.

just my 2 cents

<lurk>

*************************************************************
To unsubscribe, send an e-mail to majordomo@seul.org with
unsubscribe f-cpu       in the body. http://f-cpu.seul.org/
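
The contrast drawn in the message above between zero-terminated strings and explicit lengths, as an added example that is not part of the original message. The function names and status codes are hypothetical; the sample inputs in main() are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the hypothetical helpers below. */
enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_UNTERMINATED = -2, COPY_BAD_ARG = -3 };

/* Counted form: the caller passes pointer + length for both buffers,
 * so the size check is one comparison made before any byte is written. */
enum copy_status copy_counted(char *dst, size_t dst_cap,
                              const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_cap == 0)
        return COPY_BAD_ARG;
    if (src_len >= dst_cap)          /* keep one byte for the terminator */
        return COPY_TOO_LONG;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return COPY_OK;
}

/* Zero-terminated form: the length is unknown up front and must be found
 * by scanning. The scan has to be bounded by the size of the region that
 * holds src, or a missing terminator makes the scan read out of bounds. */
enum copy_status copy_terminated(char *dst, size_t dst_cap,
                                 const char *src, size_t src_region)
{
    const char *end;
    if (dst == NULL || src == NULL || dst_cap == 0)
        return COPY_BAD_ARG;
    end = memchr(src, '\0', src_region);
    if (end == NULL)                 /* no terminator inside the region */
        return COPY_UNTERMINATED;
    return copy_counted(dst, dst_cap, src, (size_t)(end - src));
}

int main(void)
{
    char buf[8];
    const char raw[4] = { 'a', 'b', 'c', 'd' };   /* constructed: no '\0' */
    printf("%d %d %d\n",
           (int)copy_counted(buf, sizeof buf, "hello", 5),
           (int)copy_counted(buf, sizeof buf, "far too long", 12),
           (int)copy_terminated(buf, sizeof buf, raw, sizeof raw));
    return 0;
}
```

Both helpers leave the destination untouched when they reject the input, so a caller that ignores the status code still never sees a partial copy.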