echo: rberrypi
to: R.WIESER
from: RICHARD HEATHFIELD
date: 2019-02-25 12:24:00
subject: Re: C is not a low level

On 25/02/2019 07:25, R.Wieser wrote:
> Richard,
>
>> It has rightly been said that threading is for people who don't understand
>> state machines, and state machines are for people who don't understand
>> threading. I am in the latter camp!
>
> You're only strengthening my position you know. :-)

Hence the next sentence in my reply, which you've snipped:

"In the more general case, however, your point is taken."

> /Especially/ when you do not know what could happen it is a good idea to be
> defensive about what you're doing.

But I do know what could happen. Someone could use my code in a
multi-threaded environment. Equally, someone could use my code and
replace all instances of sin() with cos(), cos() with tan(), and tan()
with sin(). Or they could change all the #defines. Or they could use the
code in an environment where CHAR_BIT is not 8 (a restriction I regret,
but not as much as I'd regret static arrays of, say, 16 giga-octets). Or
they could flip a few random bits in the object code. Or they could use
a compiler that assumes one calling convention and a linker that assumes
a different one.

If they do any of those things, that really is their problem.

> But, do me a favour: think about the amount of effort you would need to do
> to follow my suggestion, and the amount of fall-out you could be facing when
> the string doesn't get terminated (regardless of by mistake or by an attack)
> and compare those two. What do you say, which of the two would "win"?

It would have to be a mistake - that of using, in a multi-threaded
environment, code designed for use in a single-threaded environment.

A *deliberate* single-threaded attempt to stop my code from
null-terminating a copy of a string would fail. (If an attack is likely,
the place to guard against it is after the length caching but before the
malloc.)

And a deliberate *multi*-threaded attempt to attack the code would
entail the mistake of using my code in a multi-threaded environment.

--
Richard Heathfield
Email: rjh at cpax dot org dot uk
"Usenet is a strange place" - dmr 29 July 1999
Sig line 4 vacant - apply within

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)

SOURCE: echomail via QWK@docsplace.org
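A string-duplication routine in the shape the exchange describes (length cached once, a guard between the length caching and the malloc, and the terminator written from the cached length rather than copied from the source). This is an added illustration, not Richard Heathfield's code; COPY_LIMIT is an assumed bound chosen for the example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound on what this routine will duplicate. This is the
   "guard after the length caching but before the malloc": the only
   place a length check can protect the allocation that follows it. */
#define COPY_LIMIT ((size_t)4096)

/* Duplicate src into a fresh heap buffer.
   - The length is measured once and reused for the check, the
     allocation and the copy, so the three can never disagree.
   - memcpy copies exactly the cached length and never runs on past it
     looking for a terminator, and dst[len] is set explicitly, so the
     result is null-terminated even if the source's terminator was
     overwritten after the length was cached.
   - This does not make concurrent modification of src well-defined;
     it only bounds what this routine will read and write.
   Returns NULL for a NULL source, an over-long source, or allocation
   failure. */
char *dup_terminated(const char *src)
{
    size_t len;
    char *dst;

    if (src == NULL)
        return NULL;

    len = strlen(src);          /* length cached here */
    if (len >= COPY_LIMIT)      /* guard sits before the malloc */
        return NULL;

    dst = malloc(len + 1);      /* room for the cached length + '\0' */
    if (dst == NULL)
        return NULL;

    memcpy(dst, src, len);      /* copy exactly the cached length */
    dst[len] = '\0';            /* terminate from the cached length */
    return dst;
}
```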