On 24/02/2019 19:02, R.Wieser wrote:
> Richard,
>
>> Okay, so that's so obvious a retort that I have to deduce you meant
>> something else, but I don't know what. Care to explain for the benefit of
>> my befuddled grey cells?
>
> You responded to a post in which was explained that "strncpy" could be
> dangerous because you could fill the buffer out with a too-long string,
> leaving it without a terminator.
With you so far...
> The defensive method would be to stop
> copying before you overwrite the last byte in the target buffer - thereby
> making sure that whatever may happen, the buffer will hold a zero-terminated
> string.
But my code protected against that possibility by obtaining the length
of the source string including terminator: len = strlen(src) + 1; and
then allocating exactly that amount of memory via malloc, and then using
memcpy to copy exactly that many bytes. The only way this could break
would be if the source string grew between two consecutive lines of code
that did not grow that string. This *could* happen in a multi-threaded
context, of course, but in a multi-threaded context one would take
additional precautions to ensure that only one thread had access to the
string at the point of duplication.
OR... I'm missing something! :-)
>
>> Reporting an error is certainly preferable to undefined behaviour, but I
>> would prefer to grab the data - all of it - if that's possible and
>> reasonable.
>
> I went along with you up-to-and-including the "- all of it -". The latter
> part ? Not so much. Not even humans are really capable of acting
> (correctly!) on partial messages, let alone un-imaginative programs. And
> boy, can they do a lot of damage ...
Well, if it's impossible it's impossible and that's all there is to it.
And I gave an example of a scenario in which an unreasonable amount of
data could be deliberately thrown at the program with the express intent
of consuming all available memory. If these circumstances are at all
likely, it seems to me that it is better to protect against them than to
succumb blindly to them.
--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
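The three techniques argued over in the exchange above, written out as an added example (not code from either poster): the exact-length duplicate Richard describes (strlen + 1, malloc, memcpy), the strncpy hazard R.Wieser refers to (a source at least as long as the buffer leaves no terminator), and a bounded copy that always terminates. A capped duplicate is added for the "unreasonable amount of data" scenario; its size limit and all function names are choices made here, not from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Exact-length duplicate as described in the post: measure the source
   including its terminator, allocate exactly that, copy exactly that.
   The terminator travels with the text, so no separate step can forget it.
   Returns NULL on allocation failure; the caller frees the result. */
char *dup_exact(const char *src)
{
    size_t len = strlen(src) + 1;        /* +1 covers the '\0' */
    char *dst = malloc(len);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, len);
    return dst;
}

/* Variant for the hostile-input scenario: refuse sources longer than
   max_len bytes (excluding the terminator) instead of allocating whatever
   the sender asks for. The cap is a hypothetical policy value. */
char *dup_capped(const char *src, size_t max_len)
{
    /* strnlen avoids walking an enormous string just to reject it */
    size_t n = strnlen(src, max_len + 1);
    if (n > max_len)
        return NULL;                     /* too long: report, don't grab */
    return dup_exact(src);
}

/* The hazard R.Wieser describes: strncpy into a fixed buffer with a source
   that fills it completely writes no terminator at all.
   Returns 1 if buf ended up holding a terminated string, 0 otherwise. */
int strncpy_is_terminated(const char *src, char *buf, size_t bufsize)
{
    strncpy(buf, src, bufsize);
    return memchr(buf, '\0', bufsize) != NULL;
}

/* The defensive form: copy at most bufsize-1 bytes and write the
   terminator explicitly, so the buffer is always a valid C string.
   Returns the number of source bytes that did not fit (0 = complete). */
size_t copy_bounded(char *buf, size_t bufsize, const char *src)
{
    size_t srclen = strlen(src);
    size_t n;
    if (bufsize == 0)
        return srclen;                   /* nothing can be stored */
    n = srclen < bufsize - 1 ? srclen : bufsize - 1;
    memcpy(buf, src, n);
    buf[n] = '\0';
    return srclen - n;
}

int main(void)
{
    char buf[8];                         /* constructed sample buffer */
    char *d;

    printf("strncpy \"abc\" into 8 bytes terminated: %d\n",
           strncpy_is_terminated("abc", buf, sizeof buf));
    printf("strncpy \"abcdefgh\" into 8 bytes terminated: %d\n",
           strncpy_is_terminated("abcdefgh", buf, sizeof buf));

    printf("bounded copy dropped %zu byte(s), buf=\"%s\"\n",
           copy_bounded(buf, sizeof buf, "abcdefghij"), buf);

    d = dup_exact("hello");
    if (d != NULL) {
        printf("dup_exact: \"%s\"\n", d);
        free(d);
    }
    printf("dup_capped(\"hello\", 3) rejected: %d\n",
           dup_capped("hello", 3) == NULL);
    return 0;
}
```

Note that `dup_exact` mirrors the post's reasoning exactly: the only way it fails is if `src` changes between the `strlen` and the `memcpy`, which is a data race, not a flaw in the sequence itself. `copy_bounded` returns the shortfall so a caller can tell truncation from a complete copy, which is the information `strncpy` silently discards.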