On Saturday 16 April 2005 00:59, Jerry Feldman wrote:
On Friday 15 April 2005 10:44 am, Stefan Hundhammer wrote:
C's string handling for instance sucks - it is the source of most security holes that need to be fixed. Buffer overflows happen because C does not have a concept for variable length strings - it only has character pointers. What a nightmare.
I disagree with your opinion. A C string is an array of characters. One must remember that C is NOT a high level language like FORTRAN or COBOL, it was designed as an implementation language. C++ implements a variable length string based on the C strings.
Some other languages use a tld type of string where the first byte of the string contains a length. Languages like BASIC are more flexible because their string handling is performed under the covers.
Yes. In particular FORTRAN had a nice standard of first BYTE holding size. Now it "appears" that C++ does not need to have this number because the string ends with a NULL (or strictly correct being a NUL. I hate Bill Gates and mates just changing definitions.) But, it is only hidden from the C++ programmer. Do C++ programmers think that the OS has no idea where the allocated string space ends? The OS is now burdened with keeping track of how much space it has allocated for the string; and it will probably have to abandon that piece of memory and allocate a new chunk of memory and shift the rubbish over when the (blind) C++ programmer inserts too many characters for the allocated space. All must agree that a bad programmer will over-run string space in any language!
-- Jerry Feldman
Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
Regards, Colin