|
On 07/07/16 03:00 PM, Philipp Janda wrote:
Am 07.07.2016 um 19:11 schröbte Roberto Ierusalimschy:Thanks for your detailed reply here. I had in mind general complaints about how difficult C strings have turned out to be in terms of use and security, but I take your point that they do several things well—especially if we’reconcerned with efficiency. [...]It is very easy to find several flaws in C strings, until you consider all the alternatives.Pretty much every programming language since C has done a better job about strings. One obvious example: C++ strings, which can grow, calculate the size in O(1), and contain NUL characters. You can even have bounds checking on access ...
And cannot be handed over to the OS without first being validated. Remember exploits involving java and NUL and filenames?
Am I the only one who has re-implemented something like C++ strings in C for storing binary data or for building strings piecemeal?Anyway, even Lua doesn't use C-style strings for strings.-- RobertoPhilipp
-- Disclaimer: these emails may be made public at any given time, with or without reason. If you don't agree with this, DO NOT REPLY.