Author: Dann Corbit
Date: 08:03:16 03/22/04
On March 21, 2004 at 01:50:41, Russell Reagan wrote:

>On March 20, 2004 at 16:15:23, Dann Corbit wrote:
>
>>This is as bad as gets(). Don't ever do that. You open any computer that uses
>>your program to worm attacks. Imagine if the supplied string is 10,000
>>characters long and contains machine instructions to format your hard disk.
>>People [I use that term loosely here] deliberately exploit programs that use
>>reads of %s with no length specification and also that use gets(). Also, you
>>should always check the return of sscanf() and friends.
>
>What about using C++ and std::string? You don't have to worry about overrunning
>a buffer, since you can += characters until you run out of memory. Of course you
>could crash the program and bring the system to a halt (I think). What is good
>practice for this kind of stuff in C++?

I am very unimpressed with std::string as far as performance goes. The vector template is OK, though. Lots of the stuff in algorithms in the STL is a real yawner. Terrible pity too, since it has such enormous potential for reuse.

I have seen some good attempts at using STL programming. Most notable is probably Greko. You could look over what Vladimir has done to form an opinion. I must say that Vladimir's code is very nice to read.
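
The advice in the quoted post (give `%s` a length and check what `sscanf()` returns), shown as an added example that is not part of the original thread. The function name `parse_setting`, the 15-character limit, the "name number" input format and the sample lines are assumptions made for illustration, and the `%9d` width assumes an `int` of at least 32 bits.

```c
#include <stdio.h>
#include <ctype.h>

#define NAME_LEN 15                /* assumed limit; buffers hold NAME_LEN + 1 bytes */
#define STR_(x) #x
#define STR(x) STR_(x)             /* turns NAME_LEN into the literal "15" */

enum parse_result { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_LONG = -2 };

/* Parse "<name> <number>" from line into name and *value. */
int parse_setting(const char *line, char name[NAME_LEN + 1], int *value)
{
    int used = 0;

    /* The width caps the store at NAME_LEN characters plus the NUL,
       whatever the input length; %n records how much input was consumed. */
    if (sscanf(line, "%" STR(NAME_LEN) "s%n", name, &used) != 1)
        return PARSE_MALFORMED;            /* empty or whitespace-only line */

    /* If the token does not end here it was longer than the buffer:
       reject it rather than continue with a silently truncated name. */
    if (line[used] != '\0' && !isspace((unsigned char)line[used]))
        return PARSE_TOO_LONG;

    /* Check the conversion count again; the width keeps the value in range. */
    if (sscanf(line + used, "%9d", value) != 1)
        return PARSE_MALFORMED;

    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {
        "depth 12",
        "depth",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1",
    };
    char name[NAME_LEN + 1];
    int value;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-45.45s -> %d\n", samples[i],
               parse_setting(samples[i], name, &value));
    return 0;
}
```
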
Last modified: Thu, 15 Apr 21 08:11:13 -0700
Current Computer Chess Club Forums at Talkchess. This site by Sean Mintz.