Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Mon Oct 01 2007 - 12:51:22 CDT
On Mon, 01 Oct 2007 13:33:20 EDT, wac said:
> > If I use strcpy() to read user input into a buffer, I am at fault and
> > not C compiler.
> I don't think that's a fair comparison.
> If you make the right algorithm and you do not get the expected
> results *is* not
> your fault but what are you sitting at (compiler, framework, library ...).
No, it's still your fault. The *actual* semantics of strcpy() are well
documented - if you use it incorrectly because your mental model of what the
"expected" results is broken, you're to blame.
It's only the library's fault if the provided strcpy() does not in fact
provide the actual documented semantics. It isn't required to implement
the semantics the programmer *thought* it had.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/