Linux Today: Linux News On Internet Time.

Alternatives for Unsafe Strings Functions in C

Feb 15, 2009, 02:03

[ Thanks to An Anonymous Reader for this link. ]

"A string is not a built-in data type in C, instead it is termed as a contiguous sequence of characters terminated by a NULL character ('\0'). Now, many of the “standard” string manipulation functions written in the early part of C development took this definition by heart, assumed that a programmer always knows what he is doing (though I agree that this MUST be true), and put out code meant to be used in an everyone-is-good world. Subsequently, the shortcomings were noticed, stronger sibling functions were created but the older ones are still supported because they are “standard”. This means that naive programmers continue to use them and put their programs’ security into jeopardy. This series will do an in-depth analysis of such unsafe functions, tell you why they are unsafe, and bring out what alternatives you have in-built and what alternatives you can create."
