Full Disclosure mailing list archives

Re: Firefox 2.0.0.7 has a very serious calculation bug

From: Valdis.Kletnieks () vt edu
Date: Mon, 01 Oct 2007 13:51:22 -0400

On Mon, 01 Oct 2007 13:33:20 EDT, wac said:


If I use strcpy() to read user input into a buffer, I am at fault and
not C compiler.



 I don't think that's a fair comparison.
If you make the right algorithm and you do not get the expected
results *is* not
your fault but what are you sitting at (compiler, framework, library ...).


No, it's still your fault.  The *actual* semantics of strcpy() are well
documented - if you use it incorrectly because your mental model of what the
"expected" results is broken, you're to blame.

It's only the library's fault if the provided strcpy() does not in fact
provide the actual documented semantics.  It isn't required to implement
the semantics the programmer *thought* it had.

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Firefox 2.0.0.7 has a very serious calculation bug wac (Oct 01)
- <Possible follow-ups>
- Re: Firefox 2.0.0.7 has a very serious calculation bug wac (Oct 01)
  - Re: Firefox 2.0.0.7 has a very serious calculation bug Valdis . Kletnieks (Oct 01)
  - Re: Firefox 2.0.0.7 has a very serious calculation bug Jimby Sharp (Oct 02)