discuss-gnuradio

Re: [Discuss-gnuradio] GUI problems with 3.7


From: Marcus D. Leech
Subject: Re: [Discuss-gnuradio] GUI problems with 3.7
Date: Fri, 21 Jun 2013 16:11:35 -0400
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111108 Fedora/3.1.16-1.fc14 Thunderbird/3.1.16

> On Fri, Jun 21, 2013 at 3:39 PM, Tom Rondeau <address@hidden> wrote:
>> On Fri, Jun 21, 2013 at 12:41 PM, Marcus D. Leech <address@hidden> wrote:
>>> There are safe uses for unconstrained string functions.  Just, well, not
>>> very many...
>>>
>>> --
>>> Marcus Leech
>>
>> No. Never, ever, ever is it ok. I say this using a strlen call now...
>> (but it's against strings that are hard-coded into our files by us, so
>> if that breaks, we have only ourselves to blame).
>>
>> Also, just pushed a fix. This should take care of things.
>>
>> Tom
>
> Pardon my ignorance here, but would someone mind explaining this a
> little more? My intuition is saying that it's unsafe to use strcmp on
> user input because there's no checking that there is in fact a sane
> string (null terminated), but I haven't been around long enough to be
> sure that's the issue or if there's just something more sensible in
> boost.
>
> I'd be happy with a link on the topic; I couldn't find anything useful googling.
>
> -Nathan

The standard C string functions (the unconstrained ones) are well-known to be unsafe, and a rich source of buffer-overrun bugs/attacks in the last couple of decades.

Still, it's so much more convenient to type strcmp (a,b) rather than strncmp (a,b,l), etc, etc.

So, sometimes you slip up and use the "unsafe" version.



--
Marcus Leech
Principal Investigator
Shirleys Bay Radio Astronomy Consortium
http://www.sbrac.org
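
The case discussed in this thread, comparing input that may lack a NUL terminator against a hard-coded keyword, as an added C example that is not code from the thread or from GNU Radio. The function names and the sample keyword are hypothetical; the only assumption is that the caller knows the size of the input buffer.

```c
#include <stddef.h>
#include <string.h>

/* Length of the string held in buf, scanning at most cap bytes.
 * Returns cap when no NUL terminator exists inside the buffer. */
static size_t bounded_len(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (size_t)(nul - buf) : cap;
}

/* Exact match of untrusted input (cap bytes, possibly unterminated)
 * against a keyword we hard-coded ourselves. Returns 1 on match, else 0.
 * Never reads past buf[cap - 1]. */
int input_equals(const char *buf, size_t cap, const char *keyword)
{
    size_t klen = strlen(keyword);   /* unbounded, but keyword is our own literal */
    size_t blen = bounded_len(buf, cap);

    if (blen == cap)                 /* no terminator in the buffer: reject */
        return 0;
    if (blen != klen)                /* different lengths cannot be equal */
        return 0;
    return memcmp(buf, keyword, klen) == 0;
}

/* The usual slip when switching to strncmp: bounding the compare by the
 * keyword length stays in bounds but only tests a prefix, so "wxgui2"
 * is accepted for the keyword "wxgui". */
int input_has_prefix(const char *buf, size_t cap, const char *keyword)
{
    size_t klen = strlen(keyword);

    if (klen > cap)                  /* keyword longer than the buffer */
        return 0;
    return strncmp(buf, keyword, klen) == 0;
}
```

Calling strcmp on the unterminated buffer instead would keep reading past its end until it happened to find a mismatch or a zero byte.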



