using static char arrays to be on the safe side

 
 
Richard (Guest), 11-23-2007
rep_movsd <(E-Mail Removed)> writes:

> On Nov 20, 3:52 am, CBFalconer <(E-Mail Removed)> wrote:
>> rep_movsd wrote:
>>
>> > Oh well, I guess it's best to avoid such "fixes" and make sure I
>> > always know the size of the data that I strcpy or memcpy, in any
>> > case most APIs (at least WIN32 ones that I know of) can be made
>> > to return the size of the data that they will return....
>>
>> Incomprehensible. See the advice in my sig, below.
>>
>> --
>> If you want to post a followup via groups.google.com, ensure
>> you quote enough for the article to make sense. Google is only
>> an interface to Usenet; it's not Usenet itself. Don't assume
>> your readers can, or ever will, see any previous articles.
>> More details at: <http://cfaj.freeshell.org/google/>
>>
>> --
>> Posted via a free Usenet account from http://www.teranews.com
>
> Sorry, here is my original query and google groups thread link


Oh dear. Prepare for more of his signature advice because you forgot to
snip his double signature.

>
> rep_movsd wrote:
>
>> Hi
>
>> I program primarily in C++, but once in a while one is forced to use
>> the odd strcpy or call API functions that dump results into char*
>> buffers.
>
>> I believe that most security exploits work by thrashing the stack
>> to overwrite the return address, allowing arbitrary code execution.
>> I have now fallen into the habit of declaring temporary buffers as
>> static char arrays.
>
>> Is this a good idea in general?
>
> Followed up on
> groups.google.com/group/comp.lang.c/browse_thread/thread/
> 073b39de9430aec9#
>
> Vivek
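
Added example, not part of the thread: a static array keeps the buffer off the stack but gives it no bounds, so an oversized copy still overwrites whatever sits next to it, and the copy that knows the destination size is the one that helps. The struct layout and the names `g_region`, `unchecked_store`, `checked_store`, `neighbour_intact` and `stored_name` are hypothetical; the struct stands in for a static buffer and its neighbour so the result is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: one static struct stands in for a static buffer and
   whatever the linker happens to place after it, so the result is
   deterministic and every write stays inside a single object. */
static struct {
    char name[8];
    int  authorized;              /* unrelated data next to the buffer */
} g_region;

/* Copy with no check against the buffer size, as strcpy would do. */
int unchecked_store(const char *src, size_t len)
{
    memset(&g_region, 0, sizeof g_region);
    if (len > sizeof g_region)    /* demo only: stay inside g_region */
        len = sizeof g_region;
    memcpy(&g_region, src, len);  /* runs past name[] when len > 8 */
    return g_region.authorized;   /* nonzero: neighbour was overwritten */
}

/* Copy that knows the destination size and rejects input that does not fit. */
int checked_store(const char *src, size_t len)
{
    memset(&g_region, 0, sizeof g_region);
    if (len >= sizeof g_region.name)
        return -1;                /* no room for the data plus '\0' */
    memcpy(g_region.name, src, len);
    g_region.name[len] = '\0';
    return 0;
}

int neighbour_intact(void) { return g_region.authorized == 0; }
const char *stored_name(void) { return g_region.name; }

int main(void)
{
    char input[32];
    memset(input, 'A', sizeof input);   /* constructed oversized input */

    printf("unchecked: authorized = %#x\n",
           (unsigned)unchecked_store(input, sizeof input));
    int rc = checked_store(input, sizeof input);
    printf("checked:   rc = %d, neighbour intact = %d\n", rc, neighbour_intact());
    return 0;
}
```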

 
Keith Thompson (Guest), 11-23-2007
Richard wrote:
[21 lines deleted]
>
> Oh dear. Prepare for more of his signature advice because you forgot to
> snip his double signature.
>

[16 lines deleted]

Richard, did you really need to quote the entire article to say that?
(Hint: No, you didn't.) (Hint: This criticism is from someone with
a valid signature; perhaps you'll pay attention to it.)

Are you incapable of trimming quoted text?

You said recently that you had killfiled CBFalconer. I had hoped
this would mean we wouldn't see any more complaints from you about
his signature(s).

--
Keith Thompson (The_Other_Keith) <(E-Mail Removed)>
Looking for software development work in the San Diego area.
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
 