Re: [Lit.] Buffer overruns
From: Hank Oredson (horedson_at_earthlink.net)
Date: 03/15/05
- Next message: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
- Previous message: Hank Oredson: "Re: Thou shalt have no other gods before the ANSI C standard"
- In reply to: Anne & Lynn Wheeler: "Re: [Lit.] Buffer overruns"
- Next in thread: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
- Reply: Steve O'Hara-Smith: "Re: [Lit.] Buffer overruns"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Mar 2005 15:49:07 GMT
"Anne & Lynn Wheeler" <lynn@garlic.com> wrote in message
news:m3sm2xhujr.fsf@lhwlinux.garlic.com...
> jmfbahciv@aol.com writes:
>> Sure. Another note would be that there are only a few auto
>> manufacturers and the quality of their distribution can be
>> controlled (to the point of too much control) by governments. OTOH,
>> there are millions of people producing code and gazillions of
>> computers producing and distributing code...and data. I predict
>> that, if we don't start to solve these problems in-house,
>
> there is also a large difference in the number of c compiler writers
> and the number of c coders. one of the early thread postings was that
> most c-environment string copy operations are to buffer areas that
> have no infrastructure defined length. this led to some observations
>
> 1) some other environments (like PLI) where both source and target
> areas had explicit infrastructure defined lengths ... have had
> significantly lower buffer overflow issues (analogous to reduction in
> traffic fatalities when various safety related features were
> introduced).
>
> 2) automatic bounds checking is dependent on infrastructure
> determinable bounds (like start/end or start/length) ... it would
> appear to be difficult to implement automatic bounds checking for
> storage areas that have no infrastructure determinable bounds.
>
> the corollary was that if storage areas had infrastructure
> determinable bounds ... say in order that automatic bounds checking
> implementation were possible (aka #2), then C environmental libraries
> might be able to also take advantage of such infrastructure
> determinable bounds ... which might result in C implemented
> applications having frequency of buffer overflow events much more akin
> to other application environments that had infrastructure determinable
> bounds as part of their basic environment (aka #1).
>
> misc ...
> http://www.garlic.com/~lynn/subpubkey.html#overflow
Between those two posts the entire thread has been summarized.
Excellent.
-- ... Hank http://home.earthlink.net/~horedson http://home.earthlink.net/~w0rli
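
The corollary in the quoted post (C library routines using infrastructure-determinable bounds), sketched as an added example that is not part of the original thread or any poster's code. The `bstr` type and its functions are hypothetical names invented here; the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor (names and layout are assumptions for this example):
   each storage area carries its own bounds, like a PL/I varying string
   declared with a maximum length. */
typedef struct {
    char  *data;  /* start of the storage area */
    size_t cap;   /* bytes available at data */
    size_t len;   /* bytes in use, always <= cap */
} bstr;

/* Copy src into dst. Both bounds are known, so the check happens before
   any byte is written; on overflow dst is left untouched. Returns 0 or -1. */
static int bstr_copy(bstr *dst, const bstr *src) {
    if (src->len > dst->cap) return -1;
    memmove(dst->data, src->data, src->len);
    dst->len = src->len;
    return 0;
}

/* Append src to dst; the comparison is written so it cannot wrap size_t. */
static int bstr_append(bstr *dst, const bstr *src) {
    if (src->len > dst->cap - dst->len) return -1;
    memmove(dst->data + dst->len, src->data, src->len);
    dst->len += src->len;
    return 0;
}

/* Bridge from a NUL-terminated C string: only the source length has to be
   discovered by scanning; the target bound comes from the descriptor. */
static int bstr_from_cstr(bstr *dst, const char *s) {
    size_t n = strlen(s);
    if (n > dst->cap) return -1;
    memcpy(dst->data, s, n);
    dst->len = n;
    return 0;
}

int main(void) {
    char small[8], big[32];               /* constructed sample buffers */
    bstr a = { small, sizeof small, 0 }, b = { big, sizeof big, 0 };
    int r1 = bstr_from_cstr(&b, "longer than eight");
    int r2 = bstr_copy(&a, &b);           /* rejected: 17 bytes into 8 */
    int r3 = bstr_append(&b, &b);         /* rejected: 17 bytes into 15 free */
    printf("from_cstr=%d copy=%d append=%d a.len=%zu\n", r1, r2, r3, a.len);
    return 0;
}
```

The same copy written with `strcpy(small, big)` has no target bound to consult, which is the situation the quoted post describes for most C string copies.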