home *** CD-ROM | disk | FTP | other *** search
- Path: anvil.ugrad.cs.ubc.ca!not-for-mail
- From: c2a192@ugrad.cs.ubc.ca (Kazimir Kylheku)
- Newsgroups: comp.lang.c
- Subject: Re: ANSI C and POSIX (was Re: C/C++ knocks the crap out of Ada)
- Date: 11 Apr 1996 11:27:04 -0700
- Organization: Computer Science, University of B.C., Vancouver, B.C., Canada
- Message-ID: <4kjitoINNh41@anvil.ugrad.cs.ubc.ca>
- References: <JSA.96Feb16135027@organon.com> <829066525snz@genesis.demon.co.uk> <dewar.829096975@schonberg> <yxspw9eommk.fsf@stint.cl.cam.ac.uk>
- NNTP-Posting-Host: anvil.ugrad.cs.ubc.ca
-
- In article <yxspw9eommk.fsf@stint.cl.cam.ac.uk>,
- Gareth Rees <gdr11@cl.cam.ac.uk> wrote:
- >Robert Dewar <dewar@cs.nyu.edu> wrote:
- >> Highly imprecise thinking here I fear. There is no practical way for
- >> any implementation to do the check you mention (this = value in 3rd
- >> argument that is greater than the available buffer size).
- >
- >But the *programmer* can do the check while writing the program! The
- >programmer must have declared or allocated a buffer of some size.
- >Consider: if I wrote code like
- >
- > #include<stdio.h>
- >
- > int main () {
- > char buf[80];
- > /* Input lines are always 78 characters or less, so the limit of
- > 100 can never cause a buffer overflow */
- > while (fgets(buf,100,stdin))
- > puts(buf);
- > return 0;
- > }
- >
- >you would quite rightly point out that this is gratuitously broken and
- >that it would cost me nothing (and gain a lot) to change `100' to `80'.
- >It's the same with the buffer size in `read'. Why make the byte count
- >larger than the buffer size when you don't have to?
-
- Because only careful rationality can convince you not to it, not the vague
- POSIX specification for the read function.
-
- What about the select() call? Would you assume that the timeval structure is
- modified by select() if every system you ever used select() with left the
- structure alone? This is not as clear-cut as the read() case.
-
- On some systems, the parameter is even declared as ``const struct timeval
- *timeout'', which is a promise that it won't me modified. Yet under Linux it
- _is_ modified.
-
- It's safer to write code that assumes the structure will be modified, but I
- would not have even thought of it until coming to Linux.
-
- To this date, I have personally ``fixed'' two or three programs because of this
- difference, the most recent of which was the old BSD game ``hunt''.
-
- It comes with Slackware, compiled for AF_UNIX sockets---unlike me who was
- desperate for a good match with some buddies, they apparently just gave up
- getting it work properly with AF_INET. Due to the select() difference, the
- client would not wait enough for a server reply over a slow network, since the
- game would use the same struct timeval each time select() was called without
- re-initializing its contents.
- --
-
-