Anonymous user
Talk:Longest string challenge: Difference between revisions
→bounds checking in C
(→bounds checking in C: new section) |
|||
Line 164:
I believe this claim is false, since crashing can lead to machine compromises in contexts where the data comes from elsewhere. --[[User:Rdm|Rdm]] 02:51, 15 August 2011 (UTC)
:Segfault isn't all that different from <code>kill -9</code>, or even calling <code>exit()</code> for that matter: the process is gone, along with all its memory pages and file handles, leaving not much to be compromised. A crashed program of course can leave behind some inconsistent state around such as half written files, but that's not a problem here. The C code can overrun buffers even if we use <code>fgets</code> (and the fgets length should be 1 less anyway), so the last fix didn't really fix anything, only adding a possibility of wrong result besides crashing. If there is a chance for the program to fail and we are not going to completely prevent it, I'd rather have it fail more obviously. --[[User:Ledrug|Ledrug]] 03:13, 15 August 2011 (UTC)
| |||