Full Disclosure mailing list archives
Re: Firefox 2.0.0.7 has a very serious calculation bug
From: Valdis.Kletnieks () vt edu
Date: Mon, 01 Oct 2007 13:51:22 -0400
On Mon, 01 Oct 2007 13:33:20 EDT, wac said:
>> If I use strcpy() to read user input into a buffer, I am at fault and not C compiler.
> I don't think that's a fair comparison. If you make the right algorithm and you do not get the expected results *is* not your fault but what are you sitting at (compiler, framework, library ...).
No, it's still your fault. The *actual* semantics of strcpy() are well documented - if you use it incorrectly because your mental model of what the "expected" results is broken, you're to blame. It's only the library's fault if the provided strcpy() does not in fact provide the actual documented semantics. It isn't required to implement the semantics the programmer *thought* it had.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
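The contract discussed in the message above, as an added example that is not part of the original post: strcpy() is documented to copy the source string including its terminating NUL and leaves it to the caller to guarantee the destination is large enough. The helper name `checked_copy` and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the thread): enforce the precondition that
 * strcpy() documents but does not check, namely that dst can hold all of
 * src plus its terminating NUL.
 * Returns 0 on success, -1 if the input does not fit or an argument is bad. */
int checked_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    size_t need = strlen(src) + 1;   /* bytes strcpy() would write */
    if (need > dst_size) {
        dst[0] = '\0';               /* fail closed: no partial data left behind */
        return -1;
    }
    memcpy(dst, src, need);          /* same bytes strcpy() would have copied */
    return 0;
}

int main(void)
{
    char name[8];
    /* Constructed sample inputs standing in for user-supplied strings. */
    const char *samples[] = {
        "alice",                               /* 5 chars + NUL: fits        */
        "1234567",                             /* 7 chars + NUL: exactly 8   */
        "12345678",                            /* 8 chars + NUL: one too many */
        "a-much-longer-user-supplied-string",  /* would overflow with strcpy */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = checked_copy(name, sizeof name, samples[i]);
        printf("%-36s -> %s\n", samples[i], rc == 0 ? name : "(rejected)");
    }
    return 0;
}
```

The third sample is the off-by-one case: the string is as long as the buffer, so the NUL that strcpy() is documented to write would land one byte past the end.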