Re: [Lit.] Buffer overruns

From: infobahn (infobahn_at_btinternet.com)
Date: 01/30/05


Date: Sun, 30 Jan 2005 10:00:07 +0000 (UTC)

Mok-Kong Shen wrote:
>
> infobahn wrote:
>
> > The remaining examples are no different in principle to this one.
>
> O.k. That assumes that the caller always keeps or determines
> the length information of certain arguments to be passed to a
> function, right?

It assumes that the function's parameters are supplied by correct
code. Each function should take responsibility for introducing no
new security flaws, and the function's programmer should not call
a function without being fully aware of the interface requirement
for that function.

> Do you 'want' to enforce that discipline
> throughout your (possibly large) software project?

It should not be necessary to enforce anything, since responsible
programmers already write code the way I outlined above. The code
to which you refer currently weighs in at half a meg of source, and
about half of that is the string library stuff. It'll take a long
time for me to convince myself that it's bug-free, so I would not
advocate that anyone should wait eagerly for its release, so that
they can "start writing bug-free code straight away"!

The programmer should take responsibility for the code he writes,
should document his interfaces, and should respect the interfaces
for functions he calls. This is not rocket science.


