Rudolf Polzer <AntiATField_adsgohere@durchnull.de> wrote in
news:slrnai33df.j5h.AntiATField_adsgohere@www42.durchnull.de: 

> C is undergoing too many changes. Three widely used standards.

Eh? The majority use C90, with a minority using C99.... What's the 
third?

> That's what someone in de.comp.security.misc wrote (I hope you see
> the mistake):
> 
>| char *ptr = malloc (strlen(source));
>| if (!ptr) exit (EXIT_FAILURE);
>| strcpy (ptr,source);
>| /* Anyone who can't do this shouldn't be programming in C at all, IMHO. */
> (If you can't do this, you shouldn't use C)

Should be "malloc(strlen(source)+1)" and that conditional should be 
"if (ptr == NULL)". It's not guaranteed that NULL pointers will be 
represented the same as a 0. ;-)

> It happens just too easily because C does not have a string
> datatype that does these things for you.
> 
> A simple
> 
> #define stralloc(N) calloc ((N) + 1, 1)
> 
> (when using calloc, the string returned has zero length, so other
> mistakes are avoided)
> 
> and this mistake would have gone. Why isn't that in <stdlib.h>?

I really don't see much use for it... You can always use calloc 
yourself without a macro, or make sure your string isn't printed 
before something meaningful is put in it, or even just declare it as 
an array (with the length specified in the code) and limit how much 
you put into it....

> Then there are no variable-length arrays on the stack. You cannot
> write 
> 
> void f (unsigned int n)
> {
>   char a[n];
>   /* ... */
> }

IIRC this was added to C99.....

> Having to use malloc all the time is memory-leak-prone, especially
> because there is no better exception handling than atexit() and
> longjmp(). This would be another good thing for C:

Well remember C was designed to write Unix in.... It's not meant to 
be a very high level language, more of a portable assembly 
language...

> And gets() is not the only such function. sprintf, *scanf etc. are
> just as dangerous and especially for sprintf there is no safe ANSI
> C replacement

How is sprintf dangerous? You know the length of the string you're 
printing before the variables have been inserted, and you can control 
the length each variable is displayed to.....

> Another flaw is that 'unsigned' is a longer word than 'int',
> therefore many programmers use signed integers where unsigned ones
> are correct. Turbo Pascal did this right, 'integer' was longer
> than 'word'... 

LOL. Now they're just being lazy. :D



-- 
David Scarlett

Remove entryplug to reply via email.
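The off-by-one in the quoted snippet and the fixes discussed above, as an added example that is not part of either post: the quoted strlen() allocation beside the strlen()+1 version, the proposed stralloc() macro, and C99's snprintf() as the bounded counterpart to sprintf(). The function names are my own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example code; helper names are invented for illustration.
 * The macro proposed in the quoted post: calloc zero-fills, so the
 * buffer is already a valid empty string before anything is copied in. */
#define stralloc(N) calloc((N) + 1, 1)

/* Bytes the quoted code allocates: strlen() excludes the terminating NUL,
 * so strcpy() would write one byte past the end of such a buffer. */
size_t bytes_quoted(const char *source) { return strlen(source); }

/* Bytes actually needed to hold source plus its terminator. */
size_t bytes_needed(const char *source) { return strlen(source) + 1; }

/* Corrected copy: allocate strlen+1 and compare against NULL explicitly. */
char *copy_string(const char *source)
{
    char *ptr = malloc(bytes_needed(source));
    if (ptr == NULL)
        return NULL;
    strcpy(ptr, source);   /* fits now, terminator included */
    return ptr;
}

/* Same copy through the proposed macro; the buffer is "" before strcpy. */
char *copy_string_calloc(const char *source)
{
    char *ptr = stralloc(strlen(source));
    if (ptr == NULL)
        return NULL;
    strcpy(ptr, source);
    return ptr;
}

/* Bounded formatting: snprintf never writes more than size bytes and
 * returns the length the full output would have had, so truncation
 * is detectable by comparing the return value with size. */
int format_bounded(char *dst, size_t size, const char *name, int n)
{
    return snprintf(dst, size, "%s=%d", name, n);
}

int main(void)
{
    char *s = copy_string("hello");
    printf("\"%s\" needs %zu bytes, the quoted code allocates %zu\n",
           s, bytes_needed("hello"), bytes_quoted("hello"));
    free(s);
    return 0;
}
```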