[oclug]C and C++ insecure
Gilles J. Seguin
segg at infonet.ca
Sat Mar 29 12:52:43 EST 2003
Greg Franks wrote:
> [...]
> Today, compilers are smart enough to do the same thing with the
> somewhat more safe (side-effect free) expression:
lots of assertions are missing here before allowing this
> for ( int i = 0; q[i] != 0; ++i ) {
/* play safe */
for ( int i = 0; 0 != q[i]; ++i ) {
> p[i] = q[i];
> }
> /* Look ma! no pointers! */
see also memcpy(), memmove(), strcpy(), strdup(), stpcpy()
> Of course, compilers today are several orders of magnitude bigger than
> the portable C compiler).
>
> I know that there are (very few) people who really care about the code
> generated, and go to great extremes to do micro-optimazations. Then
> compiler technology changes and all that work is moot, or it's ported
> to a new architecture. Worse, the code breaks with the new compilers
> (GCC 3.X anyone?)
Want to know more,
Can you provide the URL to the bug report.
More information about the OCLUG
mailing list