Author: Russell Reagan
Date: 22:50:41 03/20/04
On March 20, 2004 at 16:15:23, Dann Corbit wrote:

>This is as bad as gets(). Don't ever do that. You open any computer that uses
>your program to worm attacks. Imagine if the supplied string is 10,000
>characters long and contains machine instructions to format your hard disk.
>People [I use that term loosely here] deliberately exploit programs that use
>reads of %s with no length specification and also that use gets(). Also, you
>should always check the return of sscanf() and friends.

What about using C++ and std::string? You don't have to worry about overrunning a buffer, since you can += characters until you run out of memory. Of course you could crash the program and bring the system to a halt (I think). What is good practice for this kind of stuff in C++?
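The two concerns raised in this post, sketched as an added example that is not part of the original thread: a `std::string` line reader with a length cap, so memory use stays bounded, and an `sscanf()` call with a field width and a checked return value. The names `read_bounded_line`, `parse_command`, `kMaxLine` and the `<command> <number>` input format are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <iostream>
#include <istream>
#include <sstream>
#include <string>

// Assumed limit for this example; choose one that fits the input you expect.
constexpr std::size_t kMaxLine = 256;

enum class ReadResult { Ok, TooLong, Eof };

// Read one line into `out`, storing at most `max_len` characters.
// An overlong line is consumed to its newline and rejected, so memory use
// stays bounded and the next call starts on a fresh line.
ReadResult read_bounded_line(std::istream& in, std::string& out,
                             std::size_t max_len = kMaxLine) {
    out.clear();
    bool too_long = false, got_any = false;
    char c;
    while (in.get(c)) {
        got_any = true;
        if (c == '\n') break;
        if (out.size() < max_len) out.push_back(c);
        else too_long = true;
    }
    if (!got_any) return ReadResult::Eof;
    if (too_long) { out.clear(); return ReadResult::TooLong; }
    return ReadResult::Ok;
}

// sscanf() with a field width and a checked return value.
// %15s stores at most 15 characters plus the terminating NUL in cmd[16].
bool parse_command(const std::string& line, char (&cmd)[16], int& arg) {
    return std::sscanf(line.c_str(), "%15s %d", cmd, &arg) == 2;
}

int main() {
    // Constructed input: one valid command, one 10,000-character line.
    std::istringstream in("go 5\n" + std::string(10000, 'A') + "\n");
    std::string line;
    char cmd[16];
    int arg = 0;
    while (true) {
        ReadResult r = read_bounded_line(in, line);
        if (r == ReadResult::Eof) break;
        if (r == ReadResult::TooLong) { std::cout << "rejected: too long\n"; continue; }
        if (parse_command(line, cmd, arg)) std::cout << cmd << ' ' << arg << '\n';
    }
}
```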
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.