by gwmnxnp_516a
1823 days ago
But C lacks even strings; lots of C bugs and vulnerabilities are related to memory management, memory ownership and string handling. Even the C subset of C++ is better than C, since it at least has more explicit type conversions that force the developer to state his or her intent. One example of the C string problem is the strcpy(buffer, char* string) that copies a string to a buffer. If an external actor discovers how to manipulate the string size, he or she can take advantage of this buffer overflow vulnerability and even execute arbitrary code remotely if it is used in a server. If the application with this problem is a file, one can create a specially crafted file to take advantage of this design flaw. However, using C in the case of the original poster does not matter much, as the application is game-related and not subject to untrusted input.

It is a pity there is no alternative "standard library" with safer data structures and operations.
There are some attempts, for example, the relatively widely known klib: https://github.com/attractivechaos/klib
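
An added example, not part of either comment above and not code from klib: the strcpy() pattern from the first comment next to the kind of length-carrying string the second comment wishes for. The names `sbuf`, `SBUF_CAP`, `sbuf_set` and `sbuf_append` are hypothetical, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-capacity string that carries its own length. */
#define SBUF_CAP 16
typedef struct {
    size_t len;              /* bytes used, excluding the terminator */
    char   data[SBUF_CAP];   /* always NUL-terminated */
} sbuf;

/* The pattern from the comment above: strcpy() trusts the source length.
 * Shown for contrast only; never called in this example. */
void unsafe_copy(char *buffer, const char *string) {
    strcpy(buffer, string);  /* writes past buffer if string is too long */
}

/* Checked copy: returns 0 on success, -1 if src (n bytes) does not fit.
 * On failure dst is left unchanged, so there is no silent truncation. */
int sbuf_set(sbuf *dst, const char *src, size_t n) {
    if (n >= SBUF_CAP)
        return -1;
    memcpy(dst->data, src, n);
    dst->data[n] = '\0';
    dst->len = n;
    return 0;
}

/* Checked append with the same contract; the subtraction cannot wrap
 * because len < SBUF_CAP is an invariant of sbuf. */
int sbuf_append(sbuf *dst, const char *src, size_t n) {
    if (n >= SBUF_CAP - dst->len)
        return -1;
    memcpy(dst->data + dst->len, src, n);
    dst->len += n;
    dst->data[dst->len] = '\0';
    return 0;
}

int main(void) {
    sbuf s = {0};
    const char *big = "untrusted input longer than the buffer"; /* constructed */
    printf("short: %d\n", sbuf_set(&s, "player1", 7));
    printf("big:   %d\n", sbuf_set(&s, big, strlen(big)));
    printf("kept:  %s (%zu)\n", s.data, s.len);
    return 0;
}
```

The caller must pass the true length of `src` as `n`; the rejection path is what replaces the out-of-bounds write that strcpy() would perform.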