[TUHS] Why Pascal is Not My Favorite Programming Language - Unearthed!

[Arthur Krewat]

The subject has (yet again) come up in this discussion about buffer 
overflows and security when it comes to C.

I contend that if you do this:

void foo(char *a, char *b) {
     strcpy(a,b);
}

You're foolhardy and should be fired from your programming job.

I've been lazy when I need to write something quickly for my own use. I 
would never EVER blindly copy strings around without limiting their lengths.

It never occurred to me in my early years that this was more "secure" - 
it was just the right thing to do. Coming from a PDP-10 MACRO background 
as a teenager, I couldn't imagine a world where you blindly excepted 
strings or any other data from an outside source and didn't sanity check 
it for length or content.

It amazed me when I'd run into something written by someone else that if 
you put the wrong data into it would SIGSEGV or SIGBUS. Blasphemy!

;)

We don't need no stinkin' safety rails, we're smart enough not to walk 
off that cliff in the first place. And who knows, we may need to walk 
off that cliff at some point in the future.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20170901/e7d91055/attachment.html>