nanog mailing list archives

Re: Bell Labs or Microsoft security?


From: Richard A Steenbergen <ras () e-gerbil net>
Date: Wed, 29 Jan 2003 12:36:22 -0500


On Wed, Jan 29, 2003 at 05:26:06PM +0000, E.B. Dreger wrote:

> If you check before each byte.  Checking for sufficient space
> first ("is there room for a 245-byte string?") is much faster.
> Besides, looking at all the bloated code using indirect function
> calls[*] and crappy code using poor algorithms... is speed really
> a concern?
>
> [*] Try profiling indirect function calls on x86, especially
>     newer cores.  Such instructions carry a stiff penalty... but
>     there's no shortage of virtual functions in certain software.
>     (Think: OWL and MFC libraries.)

Note I'm making a distinction between fixing the string libraries to 
handle overflow situations better, and changing the entire OS to do array 
bounds checking. One is good, the other is not.

-- 
Richard A Steenbergen <ras () e-gerbil net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
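
The two checking styles contrasted in the message above, as an added example that is not part of the original thread: one bound test before every byte versus a single "is there room for n bytes?" test followed by an unchecked copy. The `struct sbuf` type and both function names are hypothetical, chosen only for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-capacity string buffer (hypothetical type for this example). */
struct sbuf {
    char   data[256];
    size_t len;                 /* bytes used, excluding the NUL */
};

/* Style 1: test the bound before every byte stored.
 * Returns 0 on success, -1 if src does not fit (append rolled back). */
int append_per_byte(struct sbuf *b, const char *src)
{
    size_t start = b->len;
    while (*src != '\0') {
        if (b->len >= sizeof b->data - 1) {   /* one compare per byte */
            b->len = start;                   /* undo the partial copy */
            b->data[start] = '\0';
            return -1;
        }
        b->data[b->len++] = *src++;
    }
    b->data[b->len] = '\0';
    return 0;
}

/* Style 2: ask once whether n bytes fit, then copy without checks.
 * n is compared against the space remaining, so a huge n cannot wrap
 * the arithmetic the way "b->len + n < sizeof b->data" could. */
int append_checked_once(struct sbuf *b, const char *src, size_t n)
{
    size_t room = sizeof b->data - 1 - b->len;
    if (n > room)
        return -1;                            /* reject, nothing written */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

int main(void)
{
    struct sbuf b = {0};
    char s[246];                              /* constructed 245-byte input */
    memset(s, 'A', 245);
    s[245] = '\0';
    printf("first=%d ", append_checked_once(&b, s, 245));
    printf("second=%d len=%zu\n", append_checked_once(&b, s, 245), b.len);
    return 0;
}
```

Both functions refuse an oversized append and leave the previous contents intact; the single-check form needs the length to be known before the copy starts.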

