[Info-vax] Whither VMS?

[Richard B. Gilbert]

Jordi Guillaumes i Pons wrote:
> En/na Michael Kraemer ha escrit:
>>
>> The str*() functions exist for convenience.
>> If one has problems of that kind, I'd indeed store
>> data in a dedicated struct (ptr,len).
>>
>>>
>>> One result of null termination is the easy buffer overflow of
>>> many programs today 
>>
> 
> Programmers are, some times, lazy. Specially when they work under 
> unrealistic schedules and not enough resources. You can find a lot of 
> things like this in production:
> 
> void someFunction(char *someString) {
>     char aBuffer[1024];
> 
>     .
>     .
>     .
>     strcpy(aBuffer, someString);
>     doSomething(aBuffer);
>     .
>     .
>     .
> }
> 
> The problem is that in C you don't have tools (AFAIK) to catch time 
> bombs like this one in compilation time nor, probably, in test time. In 
> higher level languages (COBOL, PLI, even java) you can enable runtime 
> range checking, and in some cases, even compiletime verification (which 
> usually gives a WARNING). But not in C. You can have this code working 
> quietly for years... until a programmer writes something which calls 
> someFunction() with a 2048 bytes string. Or something who passes a 
> pointer to something entered by a user. That's when things become 
> interesting, since in architectures like x86 that can overwrite the 
> stack frame, and with a well crafted overwrite you can make someFunction 
> to return to your own bad code.
> 
> There are hundreds of examples. Take a look at the CVE reports.
> 

Poor design of the language and poor design of the program!  The authors 
of C wanted "creative freedom" and no backtalk from the compiler.

DEC C allows you to do a lot of checking or to shut up its complaining 
and compile what you wrote.  If you elect the latter option, you assume 
responsibility.  If you work at it you can do all sorts of damage.