The subject has (yet again) come up in this discussion about buffer
overflows and security when it comes to C.
I contend that if you do this:
void foo(char *a, char *b) {
    strcpy(a,b);
}
You're foolhardy and should be fired from your programming job.
I've been lazy when I need to write something quickly for my own
use. I would never EVER blindly copy strings around without limiting
their lengths.
It never occurred to me in my early years that this was more
"secure" - it was just the right thing to do. Coming from a PDP-10
MACRO background as a teenager, I couldn't imagine a world where you
blindly accepted strings or any other data from an outside source
and didn't sanity check it for length or content.
It amazed me when I'd run into something written by someone else
that, if you put the wrong data into it, would SIGSEGV or SIGBUS. Blasphemy!
;)
We don't need no stinkin' safety rails, we're smart enough not to
walk off that cliff in the first place. And who knows, we may need
to walk off that cliff at some point in the future.
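As an added example (not code from the original post), here is the post's foo beside a bounded variant, foo_bounded (a hypothetical name): the caller passes the destination capacity, the copy never writes past it, and the function reports failure instead of silently truncating when the source does not fit.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* The post's unbounded copy: the callee has no idea how big `a` is,
 * so a long `b` overruns it. Kept here only for comparison. */
void foo(char *a, char *b) {
    strcpy(a, b);
}

/* Bounded copy (hypothetical name). `a_size` is the capacity of `a`
 * including the terminating NUL. Returns 0 on success and -1 if the
 * source does not fit (or an argument is invalid); on failure `a`
 * is left as an empty string so a caller cannot mistake it for data. */
int foo_bounded(char *a, size_t a_size, const char *b) {
    if (a == NULL || b == NULL || a_size == 0)
        return -1;
    /* Look for the NUL only within the capacity we have; memchr never
     * reads past `a_size` bytes, so an unterminated `b` is also safe. */
    const char *end = memchr(b, '\0', a_size);
    if (end == NULL) {          /* no NUL within capacity: too long */
        a[0] = '\0';
        return -1;
    }
    size_t len = (size_t)(end - b);
    memcpy(a, b, len + 1);      /* copies the terminating NUL too */
    return 0;
}

int main(void) {
    char buf[8];                /* constructed: room for 7 chars + NUL */
    printf("%d\n", foo_bounded(buf, sizeof buf, "short"));            /* 0 */
    printf("%d\n", foo_bounded(buf, sizeof buf, "this is too long"));  /* -1 */
    return 0;
}
```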