I want to learn how to write save code, I mean save against buffer overflow and such.
Is there an overview with all unsave functions from C Std, C++ Std and Boost + workaround described?
You mean SAFE code?
There are plenty of unsafe functions, some are only unsafe if you "use them wrong" or "use them in a particular way", and of course, even safe functions aren't safe if you use them wrong, e.g.:
Code:
...
char str[20];
...
fgets(str, 200, stdin);
...
This is definitely unsafe, as it allows 180 bytes of overflow.
Some of the most common unsafe functions:
Code:
strcpy()
gets()
{,f,s}scanf() /* When using %s */
But as I explained above, it's more about using functions correctly than which functions you use. If you check the strlen() before calling strcpy(), then it's fine.
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
Yes, I misspelled. As you may have recognized, English is not my native language. It's difficult for me to get the exact meaning of this word, it can mean several things like
- "to save from destruction"
- "to be safe as houses".
If I translate it back it's quite similar. Maybe "secure code" would have been good?
That's why I asked for some overview where they are listed.
A lot of the safety comes down to how the functions are used by the programmer, so you just can't assume that you can attach a "safe" or "unsafe" label. As matsp has already shown, you can turn a safe function into a disaster area with a simple typo.
For example,
gets() is fundamentally unsafe, there is no possibility of ever using it in a safe manner.
fgets() is safe, so long as you're honest about the size parameter.
Then something like std::string is very safe unless you really go out of your way and try and modify the string by using the pointer returned by say the c_str() method.
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
If at first you don't succeed, try writing your phone number on the exam paper.
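Both of the points made so far (matsp's "check the strlen() before calling strcpy()" and Salem's "fgets() is safe so long as you're honest about the size parameter") in working form. This is an added example, not code from either poster; the function names safe_copy, read_line and make_input and the constructed two-line input are assumptions for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Copy src into dst only if it fits, terminator included: the strlen()
 * check happens before any byte is written, so the copy can never run
 * past the end of dst. Returns false (dst left empty) if it would not fit. */
bool safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0) return false;
    size_t len = strlen(src);
    if (len >= dst_size) {       /* no room for the data plus '\0' */
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, src, len + 1);   /* copies the terminator as well */
    return true;
}

/* Read one line with fgets(), passing the buffer's real size (the caller
 * uses sizeof buf, never a made-up number like 200 for a 20 byte array).
 * Returns 1 for a complete line (newline stripped), 0 if the line was
 * longer than the buffer (the rest is discarded so the next call starts
 * on a fresh line), and -1 on end of file or error. */
int read_line(char *buf, size_t buf_size, FILE *in)
{
    if (buf_size < 2 || fgets(buf, (int)buf_size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    int c = fgetc(in);           /* no newline: last line, or truncated? */
    if (c == EOF)
        return 1;
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    return 0;
}

/* Constructed input stream for the demonstration (tmpfile() is ISO C). */
FILE *make_input(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL) return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}
```

With a 20 byte buffer, read_line reports "short line" as complete and the second, 43 character line as truncated instead of writing past the array.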
Yes, I understand that English isn't your native language - it isn't mine either [but I started learning English thirty years or more ago, and I have been working with English and American companies for the last 15-20 years, and have been living in England for 12 years, so it may be hard to spot that I'm not a native speaker, especially in writing] and my comment was more to clarify that I was answering that sort of question, rather than to complain about your language - because I wanted to make sure that you weren't talking about "how do I save data to a file and then remove it" or some such.
So, now to "a list of unsafe functions", as explained by me and Salem, it is almost impossible to make a complete list of functions that are unsafe - any function that copies data from one place to another in some form, and where the calling code is supplying the buffer in which to write into, the function is essentially unsafe. It helps the function to be safer by passing a size/length information to it, so that the function can check that the resulting data isn't overflowing the buffer - but it still assumes that the calling code is doing this correctly.
Most C++ standard classes are safe, since the classes are owning the buffers that are written to. As to other libraries and sources, it will depend a bit on who provided that code and whether they were thinking about potential safety issues or not. Most likely, if it's a C++ class, it will be safer than the same functionality implemented in traditional C code - mostly because in the past, it was expected that the programmer would do some checking themselves to make sure that it worked right.
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
> You'd first have to get rid of the const on c_str(), right?
True.
You can only raise the bar, but some people will always find a way to get over it though
The only way to be really safe is to pick a language which removes all responsibility for managing storage from the user. Even then, you have to make sure that what the user enters is 'safe' to process.
Sure you can read the string in safely using fgets(), but if you don't validate it, you leave another door open.
http://en.wikipedia.org/wiki/Sql_injection_attack
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
If at first you don't succeed, try writing your phone number on the exam paper.