Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

in nondefense of C++

Sorry for the C++ comment: I meant it helps with the trivial sort of buffer overflows (strcpy versus strncpy) that I think Microsoft still falls victim to. Daniel Weise (who apparently has left MS now) gave a presentation (590dg class, again) about their extensions to C to have functions allow relating the "char *str" and "int len" arguments and to do some bounds-checking and his amount of success getting Microsoft to use it internally.

There certainly are all sorts for security problems other than that. But I recall IE bugs from stuff like "if you click on a URL [of a certain form] that's too long", which pretty much screams fixed-length buffer to me.
Subscribe

  • megaupload captcha

    Someone make a Javascript-based captcha cracker for megaupload. It's strange to see those captchas again because I idly myself wrote a…

  • zombie ghosd

    I was tickled to discover another IBM developerworks article on one of my abandoned hacks and that both it and its predecessor have been translated…

  • gat, a git clone in haskell

    I've been pretty busy with work lately, so I may as well dump this on the internet before it gets too dusty. Though I think I understand Git decently…

  • Post a new comment

    Error

    switch
    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
    Help
  • 0 comments