Pantek Library

Re: Are bad developer libraries the problem with M$ software?

From: Elliott Mitchell <ehem(at)cs.pdx.edu>
Date: Mon Nov 18 2002 - 19:27:25 EST


> From: "" <cdavison@nucleus.com>
>
> ----- Original Message -----

What is needed is the number of elements in mystr, not the length of the string stored there. On an array sizeof() will give the total size of the array, so it is a correct usage.

> > Perhaps we should start development of a standardized 'safe' header file

Not safe; though you've merely overwritten the end by one, and with a \0, you've still overflowed, game over.

Perhaps the approach should be to make all the functions consistent and take their arguments in more convenient forms? Let's use the premise that if you're working with dynamically allocated strings you're probably storing the number of elements in the array.

Given this premise, making all functions take the number of elements in the destination array, including the trailing \0 (strncpy() style), and thereby not needing to subtract 1 every time you use the function is the way to go (this is also the safe way to go, since if somebody loses track of how the length is taken care of they're likely to leave a character unused rather than overflowing by 1).

Then strncat() should take the size of the destination (again including the \0), because it is more likely that the total size is stored rather than the free space. Also, given the total space it is very easy for strncat() to internally compute the free space (when searching for the end of the string, simply decrement the space counter); this also has better performance since you don't need to use strlen() first (if you already know where the end is, then use strncpy()).

The example safe_strncat() doesn't work in the first place either:


struct string_t {
	unsigned long size;	/* total bytes in str, trailing \0 included */
	char str[1];		/* placeholder; the real buffer is allocated past the header */
};

Passing size will be ignored because sizeof(string_t.str) will always evaluate to 1 (*!#%#%# ANSI disallowing zero length arrays!) and is therefore smaller than the 'len' argument. Worse though is that, because of subtracting 1 to compensate for the \0, you've got 0; now unless strlen() is 0 you've ended up with a value that is almost certainly rather larger than the length of the actual array.

-- 
(\__/(\__/(\______          --=> 8-) EHM <=--          ______/)\__/)\__/)
 \   (    |         EHeM@cs.pdx.edu      PGP 8881EF59         |    )   /
  \_  \   |  _____  -O #include  O-   _____  |   /  _/
    \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/
Received on Mon Nov 18 21:42:03 2002
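The two points made in the message above, worked through in C as an added example that is not from the original thread: first, the sizeof(str) - 1 arithmetic on the posted struct collapsing to 0 and then wrapping to a huge unsigned value; second, a strncat() variant that takes the total size of the destination (\0 included) and finds the free space by counting that size down while it scans for the existing terminator, so no separate strlen() pass is needed. string_new(), bogus_space_left() and sized_strncat() are names chosen here and the sample strings are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The struct from the post. ANSI C has no zero-length arrays, so str[1] is a
 * placeholder; the real buffer is whatever was allocated past the header. */
struct string_t {
	unsigned long size;	/* total bytes in str, trailing \0 included */
	char str[1];
};

/* Allocate a string_t whose str member really holds `size` bytes. */
struct string_t *string_new(unsigned long size)
{
	struct string_t *s;

	if (size == 0)
		return NULL;
	s = malloc(offsetof(struct string_t, str) + size);
	if (s == NULL)
		return NULL;
	s->size = size;
	s->str[0] = '\0';
	return s;
}

/* The arithmetic the post objects to: sizeof(s->str) is always 1, subtracting
 * 1 "for the \0" leaves 0, and 0 minus a non-zero strlen() wraps around to a
 * huge unsigned value. Returns that bogus "space left" figure. */
size_t bogus_space_left(const struct string_t *s)
{
	size_t room = sizeof(s->str) - 1;	/* 0, whatever s->size says */

	return room - strlen(s->str);		/* wraps unless str is empty */
}

/* Concatenation with the argument convention argued for above: dest_size is
 * the total size of dst, \0 included. The free space is found by counting
 * dest_size down while scanning for the existing terminator. Truncates src
 * rather than overflowing and always leaves dst \0-terminated when it found a
 * terminator to begin with. Returns the number of src bytes copied, 0 if dst
 * is unterminated within dest_size bytes (nothing is written in that case). */
size_t sized_strncat(char *dst, size_t dest_size, const char *src)
{
	size_t room = dest_size;
	size_t n = 0;
	char *end = dst;

	/* Walk to the end of dst, decrementing room as we go. */
	while (room > 0 && *end != '\0') {
		end++;
		room--;
	}
	if (room == 0)
		return 0;	/* not a string: refuse rather than scan past the array */

	/* room counts the \0 slot plus the free bytes: copy at most room - 1. */
	while (n + 1 < room && src[n] != '\0') {
		end[n] = src[n];
		n++;
	}
	end[n] = '\0';
	return n;
}

int main(void)
{
	struct string_t *s = string_new(16);	/* constructed sample buffer */
	char small[4] = "";

	if (s == NULL)
		return 1;
	sized_strncat(s->str, s->size, "hello");
	printf("bogus space left with \"%s\": %zu\n", s->str, bogus_space_left(s));
	sized_strncat(s->str, s->size, " world, overflowing");
	printf("after appending into %lu bytes: \"%s\"\n", s->size, s->str);
	sized_strncat(small, sizeof small, "abcdef");
	printf("into char[4]: \"%s\"\n", small);
	free(s);
	return 0;
}
```

The wrap in bogus_space_left() is exactly the failure mode described: once the "remaining space" is an enormous size_t, any copy bounded by it is effectively unbounded. sized_strncat() avoids both that and the off-by-one, because the caller passes the one number it already stores (the allocation size) and never subtracts from it.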

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT

