This was why I recommended std::string.Originally Posted by Daved
A buffer overrun error (writing beyond the end of an array) is one of the worst bugs you can have; it's far more serious than a memory leak from a security point of view. A buffer overrun error with user-submitted data is a powerful method for a malware programmer to execute arbitrary code.
You ever try a pink golf ball, Wally? Why, the wind shear on a pink ball alone can take the head clean off a 90 pound midget at 300 yards.
Now that is a very usefull awnser (not that the other awnsers weren't), thanks Cat. Now I'm cosidering using the std :: string. Though, what execly happens when a buffers gets overrun when it's worse then a memory leak?
A buffer overrun is always worse than a memory leak (when all things equal). The latter means that in time your application will fail to allocate. a bad_alloc exception will be thrown and your program will most probably crash in an anti-climatic way.
But a buffer overrun is a different kind of animal. It means that your array accessed memory that doesn't belong to it. A fairly decent programmer (probably not even that considering there are websites that teach you how to do this) that detected a buffer overrun, can force it to happen and use the memory where it is going to happen to run any code they like. Effectively using your application to gain access to the system where it is running.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
Wow, that sucks big time, I wonder why I never heard it was that bad.
Only the thing is, when I include the string header (# include <string>) my executable file size get's bigger by 83 KB, why is that?
Well you included more code in your application. The code that handles strings.
You shouldn't worry about that. Wait untill you need to include vector... and iostreams!... and static boost libraries... and... don't worry with your executable size. It grew that much, but it won't grow any bigger no matter where you use std::string from here on.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
Another questions, could I also use LPSTR instead of CHAR and std :: string? How does LPSTR works?
An LPSTR is a typedef. It is simply a windows API specific name for char*.
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
So it is crap too?
I wouldn't say crap. There a fair good use for char*. But yes, it is not some new form of string handling.
I am curious though? After seeing std::string you are still looking for alternatives? You can't beat std::string... take a look here, if you are having problems understanding how to use them:
http://www.cprogramming.com/tutorial/string.html
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
It's because it gives me a lot of more work and I will need to create more variables and I still need to use CHAR buffers for some windows functions.
Oh and, can LPSTR's give buffer overrun errors, like the same as CHAR.
any specific need for char arrays is quiet easily fulfilled with the c_str() member function. If you have a function needing a char array:
void somefunction(char* buffer);
or
void somefunction(char[] buffer);
The following will do it.
Code:std::string foo = "pass me as c-style string"; /*... do here all the nifty things C++ Strings allow you to do ...*/ somefunction(foo.c_str());
Originally Posted by brewbuck:
Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.
LPSTR is really just another name for CHAR[], so they behave the same way, with all the same problems.
BTW this URL is a security report of a buffer overrun in some versions of Flash that could in theory spread a virus to your PC simply by viewing a website with a specially-designed flash video. The malware programmer would need to specially modify the flash file so that when your browser tried to read the size of the flash file, it caused a buffer overrun which would write virus code inside the your browser's memory and then execute it.
In fact fixing buffer overruns are a very common reason for many of the critical security updates you get from Windows Update.
Last edited by Cat; 11-04-2006 at 10:57 AM.
You ever try a pink golf ball, Wally? Why, the wind shear on a pink ball alone can take the head clean off a 90 pound midget at 300 yards.
When using functions that only take non-const character arrays, you want to confine the use of character arrays to the smallest scope possible. This is basically what Ken Fitlike has done (in a post below... note the time error) by creating a wrapper function around GetWindowText that returns a string. He used a vector, which is nice in that you don't have to remember to delete the dynamic memory. You could also use your char[] in a function like that and make sure you get it right in that one place. Then you would return a string and be "safe" for the rest of the program.
I don't want to use vectors because I don't know, I really don't wanna use code which I don't know yet.
