12 Nov
2019
12 Nov
'19
11:54 p.m.
On Tue, 12 Nov 2019, Bakul Shah wrote:
Unfortunately strcpy & other buffer overflow
friendly functions are
still present in the C standard (I am looking at n2434.pdf, draft of
Sept 25, 2019). Is C really not fixable?
No; POSIX requires all sorts of broken functions be present, otherwise it
is not compliant; heck, last I looked it even requires gets(). And let's
not even mention pointers... We are our own worst enemy.[*]
All is not lost, though; use strncpy() instead of strcpy() etc. These
days my first choice is Perl, despite it being bloated (I only use C if
it's trivial or I need the speed). I must look at Ruby, though...
[*]
Of if you were a Pogo fan, "We have met the enemy, and he is us".
-- Dave