Full Disclosure mailing list archives
Re: C99 Security Alert-Old-New-Who-Cares :) - (:
From: Valdis.Kletnieks () vt edu
Date: Fri, 30 May 2003 11:41:38 -0400
On Fri, 30 May 2003 04:05:32 -0000, "democow ...." <democow8086 () hotmail com> said:
char * strcpy(char * dest,const char *src) { char *tmp = dest; [1] while ((*dest++ = *src++) != '\0') /* nothing */; return tmp; }
Kernighan & Ritchie, "The C Programming Language", had this in the first edition - and correctly noted that this can be further optimized to: while (*dest++ = *src++); eliminating a comparison to '\0'. So not only is it insecure, but it's inefficient, unless you have a *really* good optimizing compiler that can tell that the comparison to null can be optimized away. And yes, you need a *good* optimizer that can see that comparing to a null byte is a special case (for instance, you can't optimize != '\n' the same way).
Attachment:
_bin
Description:
Current thread:
- C99 Security Alert-Old-New-Who-Cares :) - (: democow .... (May 29)
- Re: C99 Security Alert-Old-New-Who-Cares :) - (: Valdis . Kletnieks (May 30)
- <Possible follow-ups>
- RE: C99 Security Alert-Old-New-Who-Cares :) - (: Schmehl, Paul L (May 30)