C is Brittle D is Plastic
Walter Bright
newshound2 at digitalmars.com
Thu Apr 2 05:29:32 UTC 2026
On 4/1/2026 11:55 AM, H. S. Teoh wrote:
> I had to deal with cleaning up string code for compliance with security
> standards. Every module has its own way of working with strings; some
> have fancy buffers with custom functions for building strings (and each
> gratuitously incompatible with the others), others abuse snprintf and
> strncat all over the place (hidden O(n^2) costs, anyone?), and yet
> others outright strcat and sprintf (yes, the unsafe variants!) to a
> buffer whose size is never checked that's passed around as a bare char*.
> (It took some digging to discover that everyone uses the same underlying
> 64k buffer size. Still, extremely scary.)
I made this into a slide for the upcoming Elegant D presentation at Yale!
Too on target to pass up.