Nick Maclaren wrote:
> In article <d8kc7h$rat$1@nwrdmz02.dmz.ncs.ea.ibs-infra.bt.com>,
> Andrew Swallow <am.swallow@btopenworld.com> wrote:
>
>>David Wagner wrote:
>>
>>>Nick Maclaren wrote:
>>>
>>>
>>>>My experience (and that of many other people) is that the
>>>>majority of errors in real programs are of the sort that could not
>>>>be caught by a practical C bounds checker.
>>>
>>>I'll take a 20% reduction in security holes, even if it is not
>>>a majority.
>>
>>A simple action is to add a statement saying, "Checks for
>>queue/buffer overflows shall be performed and an appropriate
>>recovery action performed."
>
>
> Even if that causes a 30% incidence of valid programs failing?
>
> The problem is that nobody knows when such things are legal and
> when they are not in C.
There is a queue size somewhere, the programmer should use that.
I am talking about hand coded checks here.
Although the "recovery" may be to get more memory.
Andrew Swallow
Received on Thu Sep 29 21:43:37 2005
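The hand-coded check described in the reply above, written out as an added C example (not code from the thread or its authors): the queue carries its own size, every push is tested against it, and the "recovery" is to obtain more memory, failing cleanly when that is impossible. The type and function names (byteq, byteq_push, byteq_demo) are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical byte queue: the size lives next to the buffer it guards. */
typedef struct {
    unsigned char *buf;   /* backing storage (NULL when cap == 0) */
    size_t cap;           /* bytes allocated */
    size_t len;           /* bytes in use */
} byteq;

/* Append n bytes. Returns 0 on success, -1 if the request would wrap
 * size_t or the memory needed for recovery cannot be obtained.
 * On failure the queue is left exactly as it was. */
int byteq_push(byteq *q, const void *data, size_t n)
{
    if (n > SIZE_MAX - q->len)            /* len + n would overflow size_t */
        return -1;
    if (q->len + n > q->cap) {            /* the explicit overflow check */
        size_t want = q->len + n;
        size_t newcap = q->cap ? q->cap : 16;
        while (newcap < want) {           /* grow geometrically, no wrap */
            if (newcap > SIZE_MAX / 2) { newcap = want; break; }
            newcap *= 2;
        }
        unsigned char *p = realloc(q->buf, newcap);
        if (!p)
            return -1;                    /* recovery failed: refuse the write */
        q->buf = p;
        q->cap = newcap;
    }
    memcpy(q->buf + q->len, data, n);     /* safe: len + n <= cap here */
    q->len += n;
    return 0;
}

void byteq_free(byteq *q) { free(q->buf); q->buf = NULL; q->cap = q->len = 0; }

/* Push ten 100-byte chunks (constructed input) through an empty queue,
 * forcing several regrowths; returns the final length or -1 on error. */
long byteq_demo(void)
{
    byteq q = {0};
    unsigned char chunk[100];
    memset(chunk, 'A', sizeof chunk);
    for (int i = 0; i < 10; i++)
        if (byteq_push(&q, chunk, sizeof chunk) != 0) { byteq_free(&q); return -1; }
    long len = (long)q.len;
    byteq_free(&q);
    return len;
}
```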