Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

in nondefense of C++

Sorry for the C++ comment: I meant it helps with the trivial sort of buffer overflows (strcpy versus strncpy) that I think Microsoft still falls victim to. Daniel Weise (who apparently has left MS now) gave a presentation (590dg class, again) about their extensions to C to have functions allow relating the "char *str" and "int len" arguments and to do some bounds-checking and his amount of success getting Microsoft to use it internally.

There certainly are all sorts for security problems other than that. But I recall IE bugs from stuff like "if you click on a URL [of a certain form] that's too long", which pretty much screams fixed-length buffer to me.
Subscribe
  • Post a new comment

    Error

    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments