Mail Archives: pgcc/1998/07/13/03:20:57

www.delorie.com/archives/browse.cgi

search

Mail Archives: pgcc/1998/07/13/03:20:57

X-pop3-spooler: POP3MAIL 2.1.0 b 4 980420 -bs-

Date: Sun, 12 Jul 1998 23:24:47 -0400 (EDT)

From: David Waite <davewait AT freenet DOT tlh DOT fl DOT us>

To: Vincent Diepeveen <diep AT xs4all DOT nl>

cc: Tuukka Toivonen <tuukkat AT ees2 DOT oulu DOT fi>, beastium-list AT Desk DOT nl

Subject: Re: weird things of gcc

In-Reply-To: <3.0.32.19980711235055.0097bda0@xs4all.nl>

Message-ID: <Pine.OSF.3.96.980712232343.20138A-100000@fn3.freenet.tlh.fl.us>

MIME-Version: 1.0

Sender: Marc Lehmann <pcg AT goof DOT com>

Status: RO

Lines: 19

> >>"the 'gets' function is dangerous and should not be used."
> >
> >The gets() function does not check how long string the user
> >gives; if it is too long string and does not fit in sOut
> >array, you have a bug in your program (memory corruption).
> 
> 120 bytes. Why would it give memory corruption, knowing it's just a pointer
> to an existing array of 120 bytes? I only give it an address where it needs
> to put the small string. 
> 
> What's wrong with this, and yes i don't want it to check how long the
> string is, it just must put the string at that address , that's it!
> 

Well, if the program is a user daemon, you have a security flaw on your
hands for one =)

-David Waite

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-pop3-spooler:	POP3MAIL 2.1.0 b 4 980420 -bs-
Date:	Sun, 12 Jul 1998 23:24:47 -0400 (EDT)
From:	David Waite <davewait AT freenet DOT tlh DOT fl DOT us>
To:	Vincent Diepeveen <diep AT xs4all DOT nl>
cc:	Tuukka Toivonen <tuukkat AT ees2 DOT oulu DOT fi>, beastium-list AT Desk DOT nl
Subject:	Re: weird things of gcc
In-Reply-To:	<3.0.32.19980711235055.0097bda0@xs4all.nl>
Message-ID:	<Pine.OSF.3.96.980712232343.20138A-100000@fn3.freenet.tlh.fl.us>
MIME-Version:	1.0
Sender:	Marc Lehmann <pcg AT goof DOT com>
Status:	RO
Lines:	19