The subject has (yet again) come up in this discussion about buffer overflows and security when it comes to C.

I contend that if you do this:

#include <string.h>

/* nothing tells this function how large a is, so any b longer than a overruns it */
void foo(char *a, char *b) {
    strcpy(a,b);
}

You're foolhardy and should be fired from your programming job.

I've been lazy when I need to write something quickly for my own use. I would never EVER blindly copy strings around without limiting their lengths.

It never occurred to me in my early years that this was more "secure" - it was just the right thing to do. Coming from a PDP-10 MACRO background as a teenager, I couldn't imagine a world where you blindly accepted strings or any other data from an outside source and didn't sanity check it for length or content.

It amazed me when I'd run into something written by someone else that, if you put the wrong data into it, would SIGSEGV or SIGBUS. Blasphemy!

;)

We don't need no stinkin' safety rails, we're smart enough not to walk off that cliff in the first place. And who knows, we may need to walk off that cliff at some point in the future.
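The length-limited copy the post argues for, as an added example that is not part of the original post: the post's foo() sits beside a bounded version that takes the destination capacity, refuses a source that will not fit (terminator included) rather than truncating silently, and never scans the source past that capacity. The names foo_bounded, foo_would_overflow and demo, and the sample strings, are constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* The post's function as written: nothing tells it how large `a` is,
 * so any `b` longer than the destination writes past its end. */
void foo(char *a, char *b) {
    strcpy(a, b);
}

/* Hardened replacement (added example, not the post's own code).
 * The caller states the destination capacity; a source that does not fit,
 * NUL included, is rejected rather than silently truncated or overflowed.
 * Returns 0 on success, -1 on rejection. */
int foo_bounded(char *a, size_t a_size, const char *b) {
    if (a == NULL || b == NULL || a_size == 0)
        return -1;

    /* Bounded scan: never read more than a_size bytes of `b`, so an
     * unterminated source cannot run away either. */
    size_t n = 0;
    while (n < a_size && b[n] != '\0')
        n++;

    if (n == a_size)           /* no room left for the terminator */
        return -1;

    memcpy(a, b, n);
    a[n] = '\0';
    return 0;
}

/* Pre-check for the original foo(): would this call overflow `a`?
 * (Assumes `b` is NUL-terminated, which is all strcpy assumes too.) */
int foo_would_overflow(size_t a_size, const char *b) {
    return strlen(b) + 1 > a_size;
}

/* Worked run on constructed input: an 8-byte destination, one source that
 * fits and one that does not. Returns how many of the three checks behaved
 * as intended so a caller can verify the outcome. */
int demo(void) {
    char dest[8];
    const char *ok  = "PDP-10";                    /* 6 chars + NUL = 7 bytes: fits */
    const char *bad = "MACRO assembler input";     /* 21 chars: cannot fit */
    int correct = 0;

    if (foo_bounded(dest, sizeof dest, ok) == 0 && strcmp(dest, ok) == 0)
        correct++;
    if (foo_bounded(dest, sizeof dest, bad) == -1 && strcmp(dest, ok) == 0)
        correct++;                                 /* rejected, dest untouched */
    if (foo_would_overflow(sizeof dest, bad) && !foo_would_overflow(sizeof dest, ok))
        correct++;

    printf("%d of 3 cases behaved as intended\n", correct);
    return correct;
}

int main(void) {
    return demo() == 3 ? 0 : 1;
}
```

The design choice worth noting is rejection over truncation: strncpy-style silent truncation keeps the program from crashing but can leave a path, username or command cut off in a way the rest of the code never expected, so the bounded version reports the failure and leaves the destination untouched.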