This article covers how to approach a bounds-checked string library; it may serve as a useful reference for anyone working on the same problem.

Problem description


A function like strcpy takes now, two unbounded pointers.

Unbounded pointers, i.e. pointers where there is no
range information, have catastrophic failure modes
specially when *writing* to main memory.

A better string library would accept *bounded* pointers.
We would have then:
char *strcpyN(char *destination, size_t bound1,
char *src,size_t bound2);

Bounded pointers are used in C in many interfaces.
This is absolutely nothing new.

Their use could be made more generalized when the
functions in the C library would leave the obsession
with unbounded pointers and accept this type too.

Of course, clever compilers could pass automatically
size information to the called function, but that would
be just an improvement. What is needed is a standard
that would allow generalized use of this type of
pointers in applications that need them.

Because in many applications security is more
important than sparing a few cycles.

Of course there exist many string libraries that do
this, but each has its own syntax. Much better
would be if standard C would encourage the use
of bounded pointers with a string library
that uses them.

jacob
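
An added example, not code from the thread: one possible C implementation of the strcpyN prototype in the post above. The failure behaviour (return NULL and leave an empty destination) and the const qualifier on src are assumptions; the post gives only the signature.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed semantics (the post gives only the prototype): bound1 is the
 * capacity of destination, bound2 the number of bytes readable through src.
 * Returns destination on success. Returns NULL, leaving destination empty,
 * when src has no terminator within bound2 or does not fit in bound1.
 * src is const here, unlike the posted prototype. Buffers must not overlap. */
char *strcpyN(char *destination, size_t bound1,
              const char *src, size_t bound2)
{
    if (destination == NULL || bound1 == 0)
        return NULL;
    destination[0] = '\0';
    if (src == NULL)
        return NULL;
    /* memchr stops at bound2; strlen would run off an unterminated src */
    const char *end = memchr(src, '\0', bound2);
    if (end == NULL)
        return NULL;
    size_t len = (size_t)(end - src);
    if (len >= bound1)          /* no room for the string plus its '\0' */
        return NULL;
    memcpy(destination, src, len + 1);
    return destination;
}

/* Constructed inputs. Returns a bitmask of the copies that were accepted. */
int demo(void)
{
    char small[8];
    const char fits[] = "hello";
    const char too_long[] = "far too long for small";
    const char raw[4] = {'a', 'b', 'c', 'd'};   /* no terminator */
    int accepted = 0;
    if (strcpyN(small, sizeof small, fits, sizeof fits))
        accepted |= 1;
    if (strcpyN(small, sizeof small, too_long, sizeof too_long))
        accepted |= 2;
    if (strcpyN(small, sizeof small, raw, sizeof raw))
        accepted |= 4;
    return accepted;
}

int main(void)
{
    printf("accepted mask: %d\n", demo());
    return 0;
}
```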

Solution



better to create a new type, say "string", which contains the size info
within the type. What does that remind me of... :-)
--
Mark McIntyre
CLC FAQ <http://www.eskimo.com/~scs/C-faq/top.html>
CLC readme: <http://www.angelfire.com/ms3/bchambless0/welcome_to_clc.html>



that don't exist. A good compiler will have its own way to check them during
debugging, and careful programming will avoid them in production.

No. There is no way to write the strcpy function without
provoking a catastrophic failure with unbounded pointers.

Plus frankly, I don't see this as a problem anyway. I'm passing an array
to a function and doing something with it - in your model I need to know
how big it is when I write the fn, which is a serious problem.

This is precisely my point. This *is* a serious problem. You
*must* check the bounds of the array when writing to it.

Most C programmers do not do it because it is incredibly
tedious:

if (strlen(src) < sizeof(dst))
    strcpy(dst, src);

You see a lot of code like that?

Imagine I'm reading in data from a file, and mallocing the memory for it, I don't know
at compile time how much memory ie how large an array I need.

fread accepts bounded pointers, since the input buffer is bounded
by the size to read in!!!

I understand what you're trying to do but I do genuinely think that it's a
problem that's already solvable by adequate quality programming.

Yes, but it is VERY TEDIOUS so most people (me included)
do not do it!!!

This is precisely the problem. The interface of those functions
is plain wrong.



strncpy does most of this already. The bit it doesn't do, checking the
size of the destination, is trivial to check yourself before calling it.



At EACH CALL ???

This is of course possible but it is BAD DESIGN!

You are doing what a machine could do much faster.
What's the use of computers if we are going to waste
time and effort doing their job?



better to create a new type, say "string", which contains the size info
within the type. What does that remind me of... :-)



Yes. The other solution is to overload the [] operator
and use bounded strings. This is much easier but
probably would provoke such an outcry that a smaller
but still useful solution is better.

jacob


