FILE* question

**Elysia** · 12-01-2007

Originally Posted by matsp

Safe libraries is fine, but what about the code that isn't in the libraries. How do you make THAT code safe?[/code]
Lots of vulnerabilities come from improper memory handling, like buffer overruns.

And usually this is due to C-style functions. Using C++ objects usually takes care of that little problem for you.
Otherwise you need to properly learn how to handle memory yourself.
I believe that is THE biggest problem in the language.

Surely you don't mean to say that all applications can only be produced by calling functions in safe libraries?

No, of course not. But using safe libraries lessens the risk for programming errors and mistakes and vulnerabilities, so it's a good thing to use them.

**keira** · 12-01-2007

There are safe and secure libraries for both C and C++. There are novice programmers in both languages that neglect these libraries. Basing the security of a language on its library support is not the way to go for this reason. Unless there was some way to get rid of all the old insecure libraries so new programmers don't keep using them...

C and C++ are terrible bug prone languages. Although I do prefer to program in C++ rather than in C because I like the STL and private data types.

**Elysia** · 12-02-2007

Originally Posted by keira

There are safe and secure libraries for both C and C++. There are novice programmers in both languages that neglect these libraries. Basing the security of a language on its library support is not the way to go for this reason. Unless there was some way to get rid of all the old insecure libraries so new programmers don't keep using them...

Oh how we'd love that, but seeing as lots still use plain old C, I can't see that happening anytime soon, unfortunately.

**MacGyver** · 12-02-2007

Originally Posted by Elysia

And usually this is due to C-style functions. Using C++ objects usually takes care of that little problem for you.
Otherwise you need to properly learn how to handle memory yourself.
I believe that is THE biggest problem in the language.

You don't manage memory in C++?

**Elysia** · 12-02-2007

With smart pointers, string classes, vectors... all that complexity of keeping your arrays intact and all that goes away. No need to worry about it. And that's pretty much the biggest issues with memory.
I can't think of an example in a general program where I have to handle memory myself with a raw array, raw buffer or such (well substitute raw buffer for vector for that purpose).
Now there's where the most of the work goes into, no? To make all that work like it should?

**MacGyver** · 12-02-2007

You never use dynamic memory explicitly?

**laserlight** · 12-02-2007

I suggest that we (especially you, Elysia) stop starting "C versus C++" and other language comparison discussions in the middle of threads that have nothing to do with language comparison.

**Elysia** · 12-02-2007

I do, of course. I know how to handle it properly.
But most of the time, I know I can get away with not doing it.

Thread: FILE* question

Thread Tools

Search Thread

Display

Similar Threads

Alice....

Debugging question

Question about pointers #2

Question...

Question, question!