[Cryptography] bounded pointers in C

Jerry Leichter leichter at lrw.com
Fri Apr 18 14:10:52 EDT 2014


On Apr 18, 2014, at 1:51 PM, Viktor Dukhovni <cryptography at dukhovni.org> wrote:
>> C doesn't have nice safe string/array commands ...
> 
> Well written C software solves this with suitable string libraries,
> which though they are not part of the base language, are used
> consistently to handle variable length character data.
> 
>    - Perl, Tcl, Python, ... all have internal data types that
>      are strings with a length.
> 
>    - Postfix has "vstring" and "vstream".
> 
> A major step forward would be to simply extend the standard library
> with a suitably safe set of new interfaces.  Basically safe strings
> and a safe stdio library that works with these.  We don't have to
> make incompatible changes to the language.

See my (2002) article at http://catless.ncl.ac.uk/Risks/21.85.html#subj5.4

                                                        -- Jerry
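
A sketch of the kind of length-carrying string interface the quoted message argues for, added here as an example. It is not code from this thread, the linked article or Postfix's vstring; the `sstr` type and its function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-carrying string (illustration only). */
typedef struct {
    char  *data;  /* always NUL-terminated when non-NULL */
    size_t len;   /* bytes in use, excluding the terminator */
    size_t cap;   /* bytes allocated, including the terminator */
} sstr;

/* Ensure room for `extra` more bytes plus the terminator; 0 on success. */
static int sstr_reserve(sstr *s, size_t extra)
{
    if (extra > SIZE_MAX - s->len - 1)
        return -1;                      /* size arithmetic would wrap */
    size_t need = s->len + extra + 1;
    if (need <= s->cap)
        return 0;
    size_t cap = s->cap ? s->cap : 16;
    while (cap < need) {
        if (cap > SIZE_MAX / 2) { cap = need; break; }
        cap *= 2;
    }
    char *p = realloc(s->data, cap);
    if (p == NULL)
        return -1;                      /* old buffer is still valid */
    s->data = p;
    s->cap = cap;
    return 0;
}

/* Append n bytes from src; the string is left unchanged on failure. */
int sstr_append(sstr *s, const char *src, size_t n)
{
    if (sstr_reserve(s, n) != 0)
        return -1;
    memcpy(s->data + s->len, src, n);   /* bounded by the reserve above */
    s->len += n;
    s->data[s->len] = '\0';
    return 0;
}

void sstr_free(sstr *s)
{
    free(s->data);
    s->data = NULL;
    s->len = s->cap = 0;
}
```

Callers never compute a destination size themselves: every write goes through `sstr_append`, which either grows the buffer or fails without touching it.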
