Not to mention that most would not consider M$ as the leading authorities on how to write "safe" C/C++ code :-)
On Thu, Dec 3, 2009 at 11:07 AM, McKown, John <[email protected]> wrote: > OPINION TIME! > > The "safe" versions are not safer than using some of the others which include > the length of the destination buffer. Such as strncpy, strncmp, and so on. > The strn... functions are multiplatform and standard. The str..._s functions, > from what I have read on the Web, are a Microsoft invention. They are not ISO > or ANSI standard functions, but are being considered. And, according to one > person, were invented by MS strictly as a way to make it more difficult to > port code using them to other systems. > > -- > John McKown > Systems Engineer IV > IT > > Administrative Services Group > > HealthMarkets(r) > > 9151 Boulevard 26 * N. Richland Hills * TX 76010 > (817) 255-3225 phone * (817)-961-6183 cell > [email protected] * www.HealthMarkets.com > > Confidentiality Notice: This e-mail message may contain confidential or > proprietary information. If you are not the intended recipient, please > contact the sender by reply e-mail and destroy all copies of the original > message. HealthMarkets(r) is the brand name for products underwritten and > issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake > Life Insurance Company(r), Mid-West National Life Insurance Company of > TennesseeSM and The MEGA Life and Health Insurance Company.SM > > > >> -----Original Message----- >> From: IBM Mainframe Discussion List >> [mailto:[email protected]] On Behalf Of Charles Mills >> Sent: Thursday, December 03, 2009 10:42 AM >> To: [email protected] >> Subject: Re: Is there a good mailing list or forum for >> mainframe C/C++ specifically? >> >> Thanks. Right. I was thinking of several such possibilities. >> >> There are also "safe" versions of many of the char[] >> functions including >> sprintf, so several of these would have to be written. >> sprintf would be a >> little trickier than the below. >> >> I was just surprised that IBM did not provide "safe" versions >> given that (in >> my informal survey of malware issues) the number one cause of security >> problems in software is "buffer overrun." >> >> Charles > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
