Valdis.Kletnieks
vt.edu
Date: Mon Oct 01 2007 - 12:51:22 CDT
On Mon, 01 Oct 2007 13:33:20 EDT, wac said:
> >
> > If I use strcpy() to read user input into a buffer, I am at fault and
> > not C compiler.
>
>
> I don't think that's a fair comparison.
> If you make the right algorithm and you do not get the expected results *is* not
> your fault but what are you sitting at (compiler, framework, library ...).
No, it's still your fault. The *actual* semantics of strcpy() are well
documented - if you use it incorrectly because your mental model of what the
"expected" results are is broken, you're to blame.
It's only the library's fault if the provided strcpy() does not in fact
provide the actual documented semantics. It isn't required to implement
the semantics the programmer *thought* it had.
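An added example, not part of the original message: strcpy() is documented to copy up to and including the terminating NUL and requires the destination to be large enough, so the caller has to establish that before copying user input. The helper name `copy_input` and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy untrusted input into a fixed-size buffer while
 * honouring strcpy()'s documented precondition that the destination can
 * hold the source plus its terminating NUL.
 * Returns 0 on success, -1 if the input does not fit; in that case dst is
 * set to the empty string instead of being silently truncated. */
int copy_input(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0 || src == NULL)
        return -1;

    /* Search for the terminator only within the space we actually have.
     * memchr stops at the first match, so a short src is not over-read. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }

    /* Length is now known to fit, including the NUL. */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

int main(void)
{
    char name[8];
    /* Constructed sample inputs. */
    const char *fits = "alice";
    const char *too_long = "a-much-longer-username";

    int rc = copy_input(name, sizeof name, fits);
    printf("rc=%d name=\"%s\"\n", rc, name);

    rc = copy_input(name, sizeof name, too_long);
    printf("rc=%d name=\"%s\"\n", rc, name);
    return 0;
}
```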
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/