Re: Standards for developing secure software

From: George Dinwiddie (gdinwiddieat_private)
Date: Sun Jan 26 2003 - 07:10:20 PST


    Pavel Kankovsky wrote:
    > (*) The situation when the result appears to be negative because it
    > is too large to fit into the positive part of a signed type used for
    > strlen() return value should be considered a bug in strlen()--it
    > should either use a type able to represent the length of *any*
    > possible string, or abort when it cannot return a meaningful result
    > (a dead program is better than a misbehaving program).
    
    I think you meant "The situation when the result appears to be negative
    because it is too large to fit into the positive part of a signed type
    used for strlen() return value should *NOT* be considered a bug in strlen()"
    
    -- 
      ----------------------------------------------------------------------
       Hope your road is a long one.                        George Dinwiddie
       May there be many summer mornings when,       gdinwiddieat_private
       with what pleasure, what joy,                 http://www.Alberg30.org
       you enter harbors you're seeing for the first time;
                                                from 'Ithaka' by C.P. Cavafy
      ----------------------------------------------------------------------
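
The two options named in the quoted footnote (a return type wide enough for any length, or refusing to return a meaningless result), shown as an added example that is not part of the original message. It assumes a hypothetical 16-bit `narrow_len_t` in place of the signed return type so the wrap can be reproduced with a 40000-byte constructed string; all function names are illustrative.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a 16-bit signed type stands in for the signed return type. */
typedef int16_t narrow_len_t;

/* Naive: the true length is squeezed into the signed type. Lengths above
 * INT16_MAX come back negative on common compilers (implementation-defined). */
narrow_len_t naive_len(const char *s) { return (narrow_len_t)strlen(s); }

/* Option 1: return a type able to represent the length of any string. */
size_t wide_len(const char *s) { return strlen(s); }

/* Option 2: keep the narrow type but never return a meaningless value.
 * Returns 0 on success, -1 when the length does not fit; a caller that
 * prefers "a dead program" calls abort() on -1. */
int checked_len(const char *s, narrow_len_t *out) {
    size_t n = strlen(s);
    if (n > (size_t)INT16_MAX)
        return -1;
    *out = (narrow_len_t)n;
    return 0;
}

/* Typical caller-side bounds check; a negative length passes it. */
int fits_in_buffer(narrow_len_t len, narrow_len_t bufsize) { return len < bufsize; }

/* Constructed input: a string of n 'A' bytes; the caller frees it. */
char *make_string(size_t n) {
    char *s = malloc(n + 1);
    if (!s)
        abort();
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void) {
    char *s = make_string(40000);
    narrow_len_t out = 0;
    int ok = naive_len(s) < 0 && fits_in_buffer(naive_len(s), 64)
             && wide_len(s) == 40000 && checked_len(s, &out) == -1;
    free(s);
    return ok ? 0 : 1;
}
```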
    


