echo: rberrypi
to: R.WIESER
from: PASCAL J. BOURGUIGNON
date: 2019-02-25 08:46:00
subject: Re: C is not a low level

"R.Wieser"  writes:

> Richard,
>
>> But my code protected against that possibility by [snip]
>
> That's why I said "In this simple example it will work".
>
>> The only way this could break would be if the source string grew between
>> two consecutive lines of code that did not grow that string.
>
> In your example ?  Yes (and the same as I was thinking).
>
> Now imagine that you're programming and you /could/ be working on a
> single-thread string, but as easily on a multi-thread one.  Wouldn't it be
> easier to use a method which will work in either circumstance ?
>
>> If these circumstances are at all likely, it seems to me that it is better
>> to protect against them than to succumb blindly to them.
>
> True.  But that only goes as far as the programmer can imagine such attacks.
> "strncpy" is meant as a "last ditch" effort to safeguard against the
> /unforeseen/ circumstances which could lead to memory/stack being clobbered.
> My suggestion to provide it an argument that is one less than what the
> buffer can actually hold is just an extension on that.
>
> Personally I would not mind at all when it would throw or return an error
> when the target buffer was found to be too small for the source string.   It
> should never happen, and for that reason should not be silently ignored
> either.   But that's just my take on it, YMMV.

Sorry to interject this important argument so deep in an unrelated
thread, but

In case you didn't notice, the terminating null is not stored or
transmitted to external devices.  When you display the string on a
screen, print it in a printer, transmit it to a remote terminal, etc,
the null byte should not be displayed, printed, transmitted.  It is NOT
part of the string.

So why does C use a null terminating byte for string literals?
The alternatives are:

- pascal strings: a length prefix (but is it a byte,
  a word, a long? In "modern" pascal implementations all those variants
  are possible).

- no length, but a different type, and a stringly typed language that
  let you copy the literal only to an array of the same size
  (eg. Modula-2, IIRC).

- a designated string class used to implement strings (eg. Objective-C;
  it's even customizable in Objective-C, since the specific string class
  can be specified as argument to the compiler).

You can notice that the 1960's C solution of using a terminating null byte
looked like the simplest solution, and provided also the safety that if
you lost a null byte, there should be another null byte in memory not
too far away, so everything would be ok.  But that was before paged
memory existed! (well not chronologically, but on the PDP-7/11).
I.e. basically the argument was: we're ok with buffer overflows because
they're benign on our PDP-7 in 1969.

Obviously this only argument for null-terminated strings should be
revised!


This is a place where C could be improved, and I like Objective-C
solution of providing a class (a "plug-in") to implement the
representation of string literals.

--
__Pascal J. Bourguignon__
http://www.informatimago.com

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
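The strncpy behaviour the two posters are arguing about, as an added example that is not part of the thread or either poster's code: the function names, the 8-byte buffer and the test strings are constructed for illustration. It shows that strncpy with the full buffer size leaves no terminator when the source is too long, that the "one less" convention from the quoted reply restores the terminator but still truncates silently, and that a checked copy (or a Pascal-style length-prefixed string) can return an error instead, which is the behaviour the quoted reply says it would prefer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the thread). Demonstrates why strncpy alone is
   a weak "last ditch" safeguard and what a checked alternative looks like. */

/* Returns 1 if buf[0..n-1] contains a NUL, i.e. is a valid C string. */
int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Naive use: strncpy(dst, src, sizeof dst). When strlen(src) >= n,
   strncpy fills all n bytes from src and stores no terminator, so any
   later strlen/printf("%s") reads past the buffer. */
int copy_naive(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n);
    return is_terminated(dst, n);
}

/* The "one less" convention from the quoted reply: pass n-1 and write the
   NUL yourself. Always terminated, but over-long input is silently cut. */
int copy_one_less(char *dst, size_t n, const char *src)
{
    if (n == 0) return 0;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return is_terminated(dst, n);
}

/* Checked copy: returns -1 and leaves dst as "" when the source plus its
   terminator does not fit; returns 0 on success. Never truncates silently,
   so a too-small buffer becomes a visible error rather than a hidden one. */
int copy_checked(char *dst, size_t n, const char *src)
{
    size_t len = strlen(src);
    if (n == 0) return -1;
    if (len + 1 > n) { dst[0] = '\0'; return -1; }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Pascal-style alternative discussed in the post: explicit length byte,
   no terminator stored in the data. Here the prefix is one byte, so the
   limit is 255 characters and longer input is rejected, not clipped. */
struct pstr { unsigned char len; char data[255]; };

int pstr_set(struct pstr *p, const char *src)
{
    size_t len = strlen(src);
    if (len > 255) return -1;
    p->len = (unsigned char)len;
    memcpy(p->data, src, len);
    return 0;
}

int main(void)
{
    char buf[8];
    const char *long_src = "0123456789"; /* constructed: 10 chars, buffer holds 8 */

    printf("naive terminated: %d\n", copy_naive(buf, sizeof buf, long_src));
    printf("one-less terminated: %d\n", copy_one_less(buf, sizeof buf, long_src));
    printf("one-less value: \"%s\"\n", buf);
    printf("checked (too long): %d\n", copy_checked(buf, sizeof buf, long_src));
    printf("checked (fits): %d\n", copy_checked(buf, sizeof buf, "abc"));
    printf("checked value: \"%s\"\n", buf);
    return 0;
}
```

The naive call is the one that corrupts silently: nothing in the buffer says it is unterminated, so the damage surfaces later and elsewhere. The checked version is the defensible default; the caller that really wants truncation can ask for it explicitly.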
