[Info-vax] Whither VMS?
glen herrmannsfeldt
gah at ugcs.caltech.edu
Sun Oct 4 08:59:57 EDT 2009
Bill Gunshannon <billg999 at cs.uofs.edu> wrote:
(snip, I wrote)
<> One result of null termination is the easy buffer overflow of
<> many programs today that don't properly check lengths.
< And once again we blame the language for the incompetence (or just plain
< laziness) of the programmers.
Well, the C gets() function, I believe still part of the standard,
has no way to know the length of the buffer. The only answer is
not to use it, but it does seem fair to blame the language in that
case. Otherwise, yes, it is up to programmers to check at the
appropriate points.
<> Length
<> at the beginning doesn't work so well if you want pointers to
<> other than the beginning of a string. The other way is with
<> a structure containing a length and pointer, pretty much what
<> Java does with String.
< And one of the first languages that I used that had this "length byte"
< concept was UCSD-Pascal. Which, from the very start, included a way
< to violate those bounds. Go figure....
PL/I also usually uses length at the beginning.
-- glen
More information about the Info-vax
mailing list