On Sat, 18 Dec 2004 09:58:19 +0900 Carsten Haitzler (The Rasterman)
<[EMAIL PROTECTED]> claimed:
> thanks kim :) couldn't have said it better :) as an addition - beware
> of the notion that just because you go use strncmp (or some strn
> function) doesn't suddenly make your code safe. it's a notion the very
> inexperienced get if they just go read some book or advice column
> saying they should use strn... the only way to do this is sit back and
> THINK of the input, output and possible errors and cover them in the
> code. that always requires sitting and thinking about it:) so just
> beware. it's not a fix. it's a pitfall of making you THINK you're safe
> when you really are no safer than before.

It's true that you can write bad and unsafe code with any set of
functions, and doing something like using the strn set rather than the
str functions doesn't automatically make code safe. That doesn't
invalidate the value of using strn functions and keeping careful track
of your buffer sizes. Don't get me wrong, I'm sure all the major
developers know the size of the buffers they're using, and probably will
not overflow them, but when you've got code that a potentially very
large pool of people will modify-- as either part of the development
cycle for e, or as code reuse in a separate project, or a fork of one of
the e projects-- it really just seems like a better idea to be explicit
about it.

(fwph)

--
Frederick Heckel
[EMAIL PROTECTED]
(The strange attachment is my digital signature; do not be alarmed)

===================================================================

Forget it, Marge, it's Chinatown!

                -- Homer Simpson
                   Secrets of a Successful Marriage
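
Added example, not part of the original messages or of any e project code: a C sketch of the point made in both messages above, that calling a strn function does not by itself make code safe, next to versions that are explicit about buffer sizes. All function names, the 8-byte buffer and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Pitfall 1: strncpy() bounds the write, but leaves dst without a NUL
 * when src has n or more characters. Returns 1 if dst is terminated. */
int naive_copy_terminated(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Explicit version: measure first and reject input that does not fit,
 * rather than truncating silently. Returns 0 on success, -1 on error. */
int checked_copy(char *dst, size_t n, const char *src)
{
    if (dst == NULL || src == NULL || n == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= n) {              /* no room for the text plus its NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Pitfall 2: strncmp() bounded by the input's own length compares only
 * a prefix, so "" and "adm" both compare equal to "admin". */
int naive_equal(const char *input, const char *expected)
{
    return strncmp(input, expected, strlen(input)) == 0;
}

/* Explicit version: the lengths must agree before bytes are compared. */
int checked_equal(const char *input, const char *expected)
{
    size_t len = strlen(expected);
    return strlen(input) == len && memcmp(input, expected, len) == 0;
}

int main(void)
{
    char buf[8];
    printf("naive copy terminated: %d\n", naive_copy_terminated(buf, sizeof buf, "12345678"));
    printf("checked copy result:   %d\n", checked_copy(buf, sizeof buf, "12345678"));
    printf("naive equal: %d, checked equal: %d\n",
           naive_equal("adm", "admin"), checked_equal("adm", "admin"));
    return 0;
}
```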
