On Thu, 16 Jul 1998, Craig Spannring wrote: > Anonymous writes: > > In some ways, it is depressing to find this new hole. Programmers are > > still making the same mistakes they have made for years. Doesn't anyone > > learn from the past? Can strcpy() ever be used safely? Perhaps the > > software development community, and certainly those writing network service > > daemons that run as root, should discontinue using *any* C library > > C should not be used for trusted programs. The lack of true arrays > with array bounds checking alone makes it too hazardous. Many of the people on this list already know this, but there are experimental bounds-checking extensions to gcc that do exactly what you're looking for: The first work I know of on bounds-checking for gcc was done by Richard W. M. Jones and Paul Kelly, and is at http://www.doc.ic.ac.uk/~phjk/BoundsChecking.html Greg McGary <gkmat_private> did some other work. Announcement: http://www.cygnus.com/ml/egcs/1998-May/0073.html Richard Jones and Herman ten Brugge did other work. Announcement: http://www.cygnus.com/ml/egcs/1998-May/0557.html Greg compares different approaches in http://www.cygnus.com/ml/egcs/1998-May/0559.html Kragen
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:35 PDT