by jankedeen
3300 days ago
There are basically two rules to a well-written C program (if I am now allowed to speak despite the public outcry).

1. Do not trust user input. This is a cardinal rule in whatever source. If the rule were followed vigorously in every case there would be 90% less exposure. When you take user input, filter.
2. Learn the standard and stick to it.

Finally #3 (unix): Write an application to do a certain thing well.
On #1, having just stumbled across a deserializer that can be commanded to allocate a 2^63-byte buffer, I agree 110%.
On #2, the problem is that the standard says things like "walking off the end of an array is undefined behavior" and "use after free is undefined behavior" yet we don't seem to have any programmers who can be trusted to reliably avoid these problems with zero runtime checking.
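The "don't trust user input" point and the 2^63-byte allocation mentioned in the reply above are both about the same defect: a length field taken from the wire drives an allocation and a copy with no check. The following is an added example, not code from either commenter or from any project they mention. It assumes a made-up wire format (an 8-byte little-endian length followed by the payload) and a policy limit `MAX_PAYLOAD` chosen for the example, and shows the trusting decoder next to a checked one that bounds the claimed length both by policy and by what actually arrived.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wire format assumed for this example (not from the thread):
 *   8-byte little-endian length, then exactly that many payload bytes.
 * MAX_PAYLOAD is a policy bound picked for the example: the decoder
 * refuses anything larger before it does arithmetic or allocation. */
#define MAX_PAYLOAD ((uint64_t)1 << 20)   /* 1 MiB */

static uint64_t read_le64(const unsigned char *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Constructed test-message builder: writes `claimed` as the length field
 * regardless of how many payload bytes actually follow, so callers can
 * build both honest and lying headers. Returns the message length. */
size_t build_msg(uint64_t claimed, const unsigned char *payload,
                 size_t payload_len, unsigned char *out) {
    for (int i = 0; i < 8; i++) out[i] = (unsigned char)(claimed >> (8 * i));
    if (payload_len) memcpy(out + 8, payload, payload_len);
    return 8 + payload_len;
}

/* The trusting pattern (the "before"): the length field alone decides the
 * allocation and the copy. A header claiming 2^63 bytes either makes
 * malloc fail or, where it succeeds lazily, leads to a fault later; a
 * header claiming more than arrived makes memcpy read past the input. */
unsigned char *decode_trusting(const unsigned char *msg, size_t msg_len,
                               size_t *out_len) {
    if (msg_len < 8) return NULL;
    uint64_t n = read_le64(msg);
    unsigned char *buf = malloc((size_t)n);    /* unbounded, may truncate */
    if (!buf) return NULL;
    memcpy(buf, msg + 8, (size_t)n);           /* overread if n > msg_len-8 */
    *out_len = (size_t)n;
    return buf;
}

typedef enum {
    DEC_OK = 0, DEC_SHORT_HEADER, DEC_TOO_LARGE, DEC_TRUNCATED, DEC_OOM
} dec_status;

/* The checked pattern: reject by policy first, then by consistency with
 * the bytes actually received, and only then allocate and copy. */
dec_status decode_checked(const unsigned char *msg, size_t msg_len,
                          unsigned char **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (msg_len < 8) return DEC_SHORT_HEADER;
    uint64_t n = read_le64(msg);
    if (n > MAX_PAYLOAD) return DEC_TOO_LARGE;     /* policy bound */
    if (n > msg_len - 8) return DEC_TRUNCATED;     /* msg_len >= 8 here */
    unsigned char *buf = malloc(n ? (size_t)n : 1);
    if (!buf) return DEC_OOM;
    memcpy(buf, msg + 8, (size_t)n);
    *out = buf;
    *out_len = (size_t)n;
    return DEC_OK;
}

int main(void) {
    unsigned char msg[64];
    unsigned char *out;
    size_t n, len;

    len = build_msg(5, (const unsigned char *)"hello", 5, msg);
    printf("honest header   -> %d\n", decode_checked(msg, len, &out, &n));
    free(out);

    len = build_msg((uint64_t)1 << 63, NULL, 0, msg);
    printf("2^63 header     -> %d\n", decode_checked(msg, len, &out, &n));

    len = build_msg(100, (const unsigned char *)"hello", 5, msg);
    printf("oversized claim -> %d\n", decode_checked(msg, len, &out, &n));
    return 0;
}
```

The order of the two checks matters: the policy bound runs before `msg_len - 8` is ever compared against, so a lying header is rejected without any arithmetic on it, and the truncation check is what stops the overread that `decode_trusting` still has. The trusting decoder is kept only as the "before" and is not exercised here.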