On 4/12/07, Munawar Hafiz <[EMAIL PROTECTED]> wrote:
1. Does the C/C++ code use the string library functions (strcpy, strcat, gets etc)?
A quick grep of the sources will answer this. We use both the string library functions and the C++ std::string.
2. Or does it use some sort of buffer bounds checking, either by rewriting the string library, or checking before every buffer operation?
The main bounds checking is done by strncat, strncpy and a few length checks. There is nothing standard about it.
3. Is the bounds checking available from the first release, or has it been included in a subsequent release? How did the development team go about making this change in the code?
It was in there from the beginning, but gradually improved. There was one patch submitter that did a lot of the conversions from str... to strn... function calls. That was after 1.0.0.

Jon

--
________________________________________________________
Jon Keating ICQ: 16325723
[EMAIL PROTECTED] MSN: [EMAIL PROTECTED]
http://www.licq.org GPG: 2290A71F
http://www.thejon.org HOME: Minamiashigara, Japan
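
An added example, not taken from the Licq sources or from this message, of what a str... to strn... conversion has to get right: strncpy does not terminate the destination when the source fills it, and strncat's count is the room left, not the buffer size. The helper names bounded_copy and bounded_append are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (not from the Licq code base).
 * Both return 0 on success and -1 if the source had to be truncated. */

int bounded_copy(char *dst, size_t dstsize, const char *src)
{
    if (dstsize == 0)
        return -1;
    /* strncpy(dst, src, dstsize) leaves dst unterminated when
     * strlen(src) >= dstsize, so copy one byte less and terminate. */
    strncpy(dst, src, dstsize - 1);
    dst[dstsize - 1] = '\0';
    return strlen(src) >= dstsize ? -1 : 0;
}

int bounded_append(char *dst, size_t dstsize, const char *src)
{
    /* Find the terminator without reading past the buffer. */
    const char *end = memchr(dst, '\0', dstsize);
    if (end == NULL)
        return -1;              /* dst is not a terminated string */
    size_t used = (size_t)(end - dst);
    size_t room = dstsize - used - 1;
    /* strncat's third argument is the maximum number of characters to
     * append, excluding the terminator it always writes. Passing
     * sizeof(dst) here is the classic conversion mistake. */
    strncat(dst, src, room);
    return strlen(src) > room ? -1 : 0;
}

int main(void)
{
    char buf[8];                /* constructed sample buffer */

    int r1 = bounded_copy(buf, sizeof buf, "licq");
    printf("copy:   r=%d buf=\"%s\"\n", r1, buf);

    int r2 = bounded_append(buf, sizeof buf, "-daemon");
    printf("append: r=%d buf=\"%s\"\n", r2, buf);

    int r3 = bounded_copy(buf, sizeof buf, "12345678");
    printf("copy:   r=%d buf=\"%s\"\n", r3, buf);
    return 0;
}
```

Checking the return value is what turns silent truncation into a handled condition at the call site.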
