[Info-vax] Calling standards, was: Re: Byte range locking - was Re: Oracle on VMS
Michael Moroney
moroney at world.std.spaamtrap.com
Wed Nov 23 11:09:45 EST 2016
Bill Gunshannon <bill.gunshannon at gmail.com> writes:
>On 11/23/16 4:06 AM, Johnny Billquist wrote:
>> The C standard library use NUL-terminated strings, which (as we all
>> know) have serious security problems, and god knows what else.
>Why do people insist on perpetuating the notion that this is a C
>security problem. C merely continued a practice that predated it
>probably to maintain compatability with earlier code.
>The PDP-11 Macro Directive .PRINT takes a null terminated string
>as its only argument. I suspect the VAX had the same and it
>probably still exists in MACRO but I don't have my manual handy to
>verify that.
PDP-11 had different ways to specify strings.
.ASCIZ was a null-terminated string, while .ASCIC was a counted
string. .ASCID (descriptor) probably didn't exist on the PDP-11
but on the VAX. Of course .ASCII was just a string, presumably
with a length specified elsewhere or assumed/known.
The VAX calling standard used descriptors for strings, not null
terminated strings. Much more secure.
Hackers abusing buffer overruns caused by null-terminated strings
weren't an issue on PDP-11s. These days, null-terminated strings
as implemented by C are widely abused to compromise code.
More information about the Info-vax
mailing list