Re: TCHAR and buffer overflows

From: Edward Elliott (nobody@127.0.0.1)
Date: 08/26/02

• Next message: Ursus Horibilis: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
• Previous message: Paul Rubin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
• In reply to: David Hopwood: "Re: TCHAR and buffer overflows"
• Next in thread: Alun Jones: "Re: TCHAR and buffer overflows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Edward Elliott <nobody@127.0.0.1>
Date: Mon, 26 Aug 2002 20:33:12 GMT

David Hopwood wrote:
> Edward Elliott wrote:
>>You don't think the sizeof(buf) expression is confusing?
>
> No, I don't. It gives the size of an object in bytes (for the C Standard
> definition of "byte"). It does not give the number of elements in an array.
> You *have* to understand this in order to have any chance of writing
> correct C code that uses sizeof.

_I_ understand that, and _you_ understand that, but programmers in
general obviously don't or these mistakes wouldn't occur. Part of the
confusion is the name, part is the common usage. If it were called
"byte_sizeof" or something, the problem would be more clear.

As it is, programmers often use sizeof for buffer sizes because they're
used to working with single-byte-char arrays. After a while, you may
incorrectly come to think of sizeof as the number of elements in the
array, when in fact that is just a happy coincidence of the fact that
you're using single-byte chars. This phenomenon is common enough at MS
at least to create many instances of the bug.

But arguing about what most programmers think is pointless. One of us
should conduct a random survey of programmers, or we should drop the issue.

-- 
Edward Elliott

---

• Next message: Ursus Horibilis: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
• Previous message: Paul Rubin: "Re: Privilege-escalation attacks on NT-based Windows are unfixable"
• In reply to: David Hopwood: "Re: TCHAR and buffer overflows"
• Next in thread: Alun Jones: "Re: TCHAR and buffer overflows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: TCHAR and buffer overflows ... >>You don't think the sizeofexpression is confusing? ... It does not give the number of elements in an array. ... programmers often use sizeof for buffer sizes because they're ... But arguing about what most programmers think is pointless. ... (comp.security.misc) Re: Efficency and the standard library ... some of your variable names being poorly chosen (the ptrIndexN ones ... is that makes it so confusing, the obvious explanation would be that since ... their verbal abilities, they were tossed aside like garbage. ... Even if most contemporary programmers hate ... (comp.lang.c) Re: Cobol work? ... confused by C-style pointer ... There are two sets from the group "programmers": ... All members of Group A haven't used pointers or are liars. ... aren't confusing, it's the care of the person using the concepts that makes ... (comp.lang.cobol) RE: $ or % For Associative Arrays? ... > to the name of an associative array as a whole". ... people often say hash when they mean associative ... Things become more confusing when you consider this: ... Perl is perfectly willing and able to deal with variables of the same ... (perl.beginners) Re: Initializing Pointer to an array ... but the equivalence between arrays and pointers is ... > confusing enough without dereferencing pointers that have been ... > created by the decay of an array name. ... no dereference. ... (comp.lang.c)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.ms-windows.nt.admin.security  > 2002-10