Re: Public disclosure of discovered vulnerabilities
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: Public disclosure of discovered vulnerabilities

From: Andrew Swallow <am.swallow@btopenworld.com>
Date: Sun Jun 05 2005 - 16:10:52 CEST



Paul Rubin wrote:



> "Douglas A. Gwyn" <DAGwyn@null.net> writes:


> 


>>Wrong.  I don't think you understand the actual


>>technical issues.  toupper can be safely used


>>with no special checks at each invocation.  But


>>you have to do things right in the first place.


> 


> 


> The technical issue is that a sensibly defined toupper function would


> work for all possible char values, but the one defined in the standard


> only works for some of those values.  The standard's way of doing


> things is not sensible.



The technical issue is that CHAR should be unsigned by default.


Characters are not integers and do not have sign bits.



For 8 bit integers something like TINY INT would have been a more 


appropriate name.



Andrew Swallow


Received on Thu Sep 29 21:40:18 2005