Secure Coding mailing list archives

Programming language comparison?

From: ljknews at mac.com (ljknews)
Date: Tue, 5 Feb 2008 23:36:45 -0500

At 4:44 PM -0500 2/5/08, Steven M. Christey wrote:

On Mon, 4 Feb 2008, ljknews wrote:

("%99999999s" to fill up disk or memory, anybody?), so it's marked with
"All" and it's not in the C-specific view, even though there's a heavy
concentration of format strings in C/C++.


It is marked as "All" ?

What is the construct in Ada that has such a risk ?


Hmmmm, I don't see any, but then again I don't know Ada.  Is there no
equivalent to format strings in Ada?  No library support for it?


Not that I know of, but if you can specify a Pascal equivalent
I might be able to see what you are aiming at.  Have you evaluated
Pascal for this defect that is present in "All" languages ?

Your question actually highlights the point I was trying to make - in CWE,
we don't yet have a way of specifying language families, such as "any
language that directly supports format strings," or "any language with
dynamic evaluation."


Your choice of terminology is yours to make, only within the
bounds of reasonable use of English.  In English there is a
distinct difference between the terms ALL and SOME, between
the terms ALL and MANY and even between the terms ALL and MOST.
-- 
Larry Kilgallen

Current thread:

Programming language comparison? Vincent Verhagen (Feb 04)
- Programming language comparison? Robert A. Martin (Feb 04)
  - Programming language comparison? Steven M. Christey (Feb 04)
    - Programming language comparison? ljknews (Feb 04)
    - Programming language comparison? Steven M. Christey (Feb 05)
    - Programming language comparison? Robert C. Seacord (Feb 05)
    - Programming language comparison? ljknews (Feb 05)
    - Programming language comparison? Pete Shanahan (Feb 06)
    - Programming language comparison? Shea, Brian A (Feb 06)
- Programming language comparison? Craig E. Ward (Feb 04)
- Programming language comparison? Vincent Verhagen (Feb 05)