by nicoburns 1315 days ago
Using a language that stores the length as part of the type is the real fix here.
3 comments

So are you proposing to use dependently typed languages then? Typical languages like C++ don't make it very convenient.

    template<size_t N>
    void do_something(char (&s)[N]) { ... }
Now when you have a string of unknown length, how do you reify it with that template? In practice languages then have to keep around an unknown type argument at runtime. This is incompatible with most languages where types aren't known at runtime.
Why overcomplicate things so much? He probably just meant to use std::string. Programs like this definitely don't need to care about the few dozen bytes added by std::string overhead.
std::string stores the length as part of the value, not as part of the type. (That’s probably what nicoburns meant, but it’s clear what caused the confusion).
This for sure, but the codebases that we already have in C/C++ aren't going anywhere anytime soon.
Those that are proper C++ would use a string type instead of raw C strings.

And if those developers care about security, bounds checking would be enabled.

As for C there is hardly anything we can do other than keep fixing exploits until hardware memory tagging becomes a common feature across all major platforms.

You still need to compare the length against a maximum, wherever it's stored.
No, in that case the language will do that for you.
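To make the distinction in this thread concrete (length in the type versus length in the value, and who performs the comparison against the maximum), here is an added example; it is not code from any of the commenters. All function names are hypothetical. `static_length` deduces the length from the array type at compile time, so it cannot accept a buffer whose length is only known at runtime, whereas `std::string` carries its length in the value and `at()` does the bounds comparison itself, throwing instead of reading past the end:

```cpp
#include <cstddef>
#include <cstring>
#include <stdexcept>
#include <string>

// Length carried by the type: N is deduced from the array type at compile
// time. The body never sees a string of unknown length, but the caller can
// only pass arrays whose size is a compile-time constant (e.g. literals).
template <std::size_t N>
std::size_t static_length(const char (&s)[N]) {
    (void)s;
    return N - 1;  // exclude the implicit NUL terminator of a string literal
}

// Length carried by the value: std::string stores the size next to the bytes,
// so a string built at runtime is handled the same as a literal.
std::size_t dynamic_length(const std::string& s) {
    return s.size();
}

// A string of runtime-chosen length. There is no template argument that could
// express this, so static_length(...) would not compile on it.
std::string make_runtime_string(std::size_t n, char fill) {
    return std::string(n, fill);
}

// Checked read: at() compares idx against the stored size on every access.
// Returns the byte as an int, or -1 when the index is out of range.
int checked_read(const std::string& s, std::size_t idx) {
    try {
        return static_cast<unsigned char>(s.at(idx));  // throws std::out_of_range
    } catch (const std::out_of_range&) {
        return -1;
    }
}

// Copy into a fixed-capacity C buffer. The length is known here (src.size()),
// but once the bytes leave the std::string the comparison against the
// buffer's maximum is back on the programmer: truncate instead of overflowing.
std::size_t bounded_copy(char* dst, std::size_t dst_size, const std::string& src) {
    if (dst_size == 0) return 0;
    std::size_t n = src.size() < dst_size - 1 ? src.size() : dst_size - 1;
    std::memcpy(dst, src.data(), n);
    dst[n] = '\0';
    return n;
}

// Helper for the test: copy into an 8-byte stack buffer and return the result.
std::string copy_into_small_buffer(const std::string& src) {
    char dst[8];
    std::size_t n = bounded_copy(dst, sizeof dst, src);
    return std::string(dst, n);
}

int main() {
    // Stand-alone smoke run: an oversized runtime string is truncated, and an
    // out-of-range read is refused rather than performed.
    std::string truncated = copy_into_small_buffer(make_runtime_string(20, 'A'));
    return (truncated.size() == 7 && checked_read(std::string("abc"), 5) == -1) ? 0 : 1;
}
```

The template form is what "length as part of the type" actually buys you in C++: the compiler knows N, but only for arrays it can see whole. For anything read from a socket or a file the length lives in the value, and the check either happens inside the string type (`at()`) or, the moment you copy back into a raw buffer, in your own code again.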