Evan Martin (evan) wrote in evan_tech,
Evan Martin
evan
evan_tech

in nondefense of C++

Sorry for the C++ comment: I meant it helps with the trivial sort of buffer overflows (strcpy versus strncpy) that I think Microsoft still falls victim to. Daniel Weise (who apparently has left MS now) gave a presentation (590dg class, again) about their extensions to C to have functions allow relating the "char *str" and "int len" arguments and to do some bounds-checking and his amount of success getting Microsoft to use it internally.

There certainly are all sorts for security problems other than that. But I recall IE bugs from stuff like "if you click on a URL [of a certain form] that's too long", which pretty much screams fixed-length buffer to me.
Subscribe

  • sorry, specification!

    Tonight I was talking with a coworker about search quality, and I said something like: "There are so many cases of where there's the right way to do…

  • 10 years of linux

    Somewhere around 10 years ago, a new kid transferred to my school and we became friends. J was was precocious, running an ISP out of his bedroom of…

  • salt

    An old friend of mine classified people as salt or nuts. I realized recently that I think of blogs in the same way: some people just point at other…

  • Post a new comment

    Error

    switch
    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
    Help
  • 0 comments