Thread: gets() not so bad

Originally Posted by MK27

Terrific! BUT MICROSOFT IS NOT ANSI OR THE ISO.

Okay, so in house MS can ban the use of these functions. Or use strict C++ or Java or whatever. The rest of use will just have to toughen up and learn to use your brain whilst coding, because all three of those functions are perfectly safe when used properly.

I'm not saying to use Microsoft functions. I'm saying to create your own safe functions that add security checks so that you don't commit to these mistakes.
That's why I said it would be nice is safe alternatives were added to the language (in the standard, of course).

Originally Posted by Bayint Naung

Microsoft to banish memcpy
next time, Assignment operator ?maybe

They're only banning it in their internal development. This doesn't affect the rest of the world's C programmers.
(Though they should take a hint and consider security.)

Originally Posted by Elysia

I'm not saying to use Microsoft functions. I'm saying to create your own safe functions that add security checks so that you don't commit to these mistakes.
That's why I said it would be nice is safe alternatives were added to the language (in the standard, of course).

This is completely unnecessary. 95% of memcpy calls can be done without checks simply by setting up the input and output correctly.

Please do not say "oh but what if I do this":

Code:

char buffer[16];
memcpy(buffer, something_else, 1000000);

That is JUST STUPID. TOO BAD. YOU LOSE. LEARN TO PROGRAM.

This is only a problem in "real world" settings like MS where economics and scale have made $$$ the priority, so quality of the product (and the people who produce it) is second seat to the quantity they can produce. That's what needs to be fixed.

Since it won't be, they can just make C# faster or something. Won't happen if half the underlying code is totally redundant safety checks, of course.

Originally Posted by MK27

This is completely unnecessary. 95% of memcpy calls can be done without checks simply by setting up the input and output correctly.

...And one day you'll shoot yourself in the foot because you didn't think right. You introduced a bug. The bug didn't crash the program and you got a buffer overrun. Yay.
...Of course, this could have been prevented in the first place had you used safety checks.

Originally Posted by Elysia

...And one day you'll shoot yourself in the foot because you didn't think right. You introduced a bug. The bug didn't crash the program and you got a buffer overrun. Yay.
...Of course, this could have been prevented in the first place had you used safety checks.

Can happen, but:

1) I use a memchecker.
2) I'm very aware of the issue, so I'm used to dealing with it. If you want some tips just ask!

Analogy: If no one ever takes the training wheels off your bike, it will be hard for you to ride around without them.

Does that mean it is oh so hard for people to ride around with no training wheels?!?? Hmmm...