Evan Martin (evan) wrote in evan_tech,

in nondefense of C++

Sorry for the C++ comment: I meant it helps with the trivial sort of buffer overflows (strcpy versus strncpy) that I think Microsoft still falls victim to. Daniel Weise (who apparently has left MS now) gave a presentation (590dg class, again) about their extensions to C to have functions allow relating the "char *str" and "int len" arguments and to do some bounds-checking and his amount of success getting Microsoft to use it internally.

There certainly are all sorts of security problems other than that. But I recall IE bugs from stuff like "if you click on a URL [of a certain form] that's too long", which pretty much screams fixed-length buffer to me.
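An added illustration of the strcpy versus strncpy point and of passing a buffer together with its length (this is not code from the original post, nor Microsoft's C extensions; `URL_BUF`, `strncpy_terminated` and `copy_url` are hypothetical names and the URLs are constructed). It shows that `strncpy` bounds the write but can leave the buffer unterminated, and a copy that rejects over-long input instead.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF 16 /* constructed, deliberately small fixed-length buffer */

/* strncpy never writes past dst_len, but when src has dst_len or more
 * characters it does not add a terminating NUL.
 * Returns 1 if dst holds a terminated string afterwards, 0 if not. */
int strncpy_terminated(char *dst, size_t dst_len, const char *src)
{
    memset(dst, 'X', dst_len);      /* make a missing terminator visible */
    strncpy(dst, src, dst_len);
    return memchr(dst, '\0', dst_len) != NULL;
}

/* Hypothetical helper: the pointer and its length travel together, and
 * input that does not fit (including its NUL) is rejected, not truncated.
 * Returns 0 on success, -1 on bad arguments or over-long input. */
int copy_url(char *dst, size_t dst_len, const char *src)
{
    const char *end;

    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    end = memchr(src, '\0', dst_len); /* look for NUL within dst_len bytes */
    if (end == NULL) {
        dst[0] = '\0';               /* leave dst as a valid empty string */
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

int main(void)
{
    char buf[URL_BUF];
    const char *fits = "http://a.test/";               /* 14 characters */
    const char *too_long = "http://a.test/0123456789"; /* 24 characters */

    printf("strncpy terminated (fits):     %d\n",
           strncpy_terminated(buf, sizeof buf, fits));
    printf("strncpy terminated (too long): %d\n",
           strncpy_terminated(buf, sizeof buf, too_long));
    printf("copy_url (fits):     %d\n", copy_url(buf, sizeof buf, fits));
    printf("copy_url (too long): %d\n", copy_url(buf, sizeof buf, too_long));
    return 0;
}
```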