D2 toStringz Return Type
Steven Schveighoffer
schveiguy at yahoo.com
Sat Nov 8 10:55:39 PST 2008
"Andrei Alexandrescu" wrote
> Steven Schveighoffer wrote:
>> "Andrei Alexandrescu" wrote
>>> Steven Schveighoffer wrote:
>>>> But you probably won't add it. That's ok, I don't use Phobos anyways.
>>>> I'll be sure to add an appropriate function to Tango while porting it
>>>> to D2.
>>> You may want to rethink before putting dangerous functions in
>>> widely-used libraries. Returning a writable zero-terminated char* is as
>>> dangerous as it gets, and fostering bad coding style too.
>>
>> Nonsense. Tango currently has such a function with D 1.x, and I've never
>> heard of any issues with it.
>
> That doesn't mean much of anything.

OK, it's only the most used D library. Sorry for the unrelated reference.
Phobos 1 had the same issue BTW.

>> I think you have overblown the danger here.
>
> And it's not me.
>
> http://marc.info/?l=bugtraq&m=105673479925709&q=p4
> http://seclists.org/vulnwatch/2007/q1/0069.html
> http://www.mail-archive.com/popt-devel@rpm5.org/msg00072.html
> http://sourceware.org/ml/gdb-patches/2005-03/msg00237.html
> http://mailman.mit.edu/pipermail/krbdev/2008-October/007022.html
>
> I got bored of pasting. Just google for strcpy sprintf strcat gets. Again:
> please rethink.

I got bored of reading. Like ore-sama said, your examples have nothing to
do with zero-terminated strings. Some of them even outlaw functions that
take const char *. So by your argument that proof is in these pages, if you
are going to condemn functions that take mutable zero-terminated strings,
you have to do the same for const zero-terminated strings. And most of them
are talking about buffer overflow attacks, which would be unlikely (maybe
impossible? I don't know much about it) with heap-allocated strings, which
is what alwaysCopyAndReturnMutableStringz returns.

None of this changes my view. And I'm done arguing, take away from this
what you will.

-Steve
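
Added example, not part of the original message and not code from Tango or Phobos: a C view of the heap-allocated mutable stringz discussed in this thread, with a callee that appends through the pointer only when the capacity passed alongside it allows. It assumes such a helper allocates exactly length + 1 bytes; the names copy_stringz, bounded_append and append_growing are hypothetical, and the sample string is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: heap copy of src[0..len) plus a terminator (len + 1 bytes). */
char *copy_stringz(const char *src, size_t len) {
    if (len == SIZE_MAX) return NULL;            /* len + 1 would wrap */
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, src, len);
    buf[len] = '\0';
    return buf;
}

/* Append suffix to buf (cap bytes owned). 0 on success, -1 and buf untouched if it will not fit. */
int bounded_append(char *buf, size_t cap, const char *suffix) {
    const char *end = memchr(buf, '\0', cap);    /* never scan past cap */
    if (end == NULL) return -1;                  /* not terminated: refuse */
    size_t used = (size_t)(end - buf), add = strlen(suffix);
    if (add >= cap - used) return -1;            /* need used + add + 1 <= cap */
    memcpy(buf + used, suffix, add + 1);
    return 0;
}

/* Same, but grow the heap block when needed; suffix must not point into *bufp. */
int append_growing(char **bufp, size_t *capp, const char *suffix) {
    if (bounded_append(*bufp, *capp, suffix) == 0) return 0;
    const char *end = memchr(*bufp, '\0', *capp);
    if (end == NULL) return -1;
    size_t used = (size_t)(end - *bufp), add = strlen(suffix);
    if (add > SIZE_MAX - used - 1) return -1;    /* size computation would wrap */
    char *bigger = realloc(*bufp, used + add + 1);
    if (bigger == NULL) return -1;               /* original block still valid */
    *bufp = bigger; *capp = used + add + 1;
    return bounded_append(*bufp, *capp, suffix);
}

int main(void) {
    size_t cap = 7;                              /* constructed sample: "config" + NUL */
    char *z = copy_stringz("config", 6);
    if (z == NULL) return 1;
    int fixed = bounded_append(z, cap, ".bak");  /* no room in 7 bytes */
    int grown = append_growing(&z, &cap, ".bak");
    printf("fixed=%d grown=%d cap=%zu z=%s\n", fixed, grown, cap, z);
    free(z);
    return 0;
}
```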