The probability for particular string comparison being badly written is roughly the same. Packages are not always found, and used [1.5/2]
…used only by some users. Who would trust 3rd party small module this anyway? [2/2]
1 reply 0 retweets 0 likes -
Btw, there are many many solutions for managing dependencies in C in a sane manner. Here’s mine: http://gypkg.io/
1 reply 0 retweets 0 likes -
Replying to @indutny @BRIAN_____ and
Not to knock your project, but it has essentially 0 market share. Dependencies in C are terrible.
1 reply 0 retweets 0 likes -
Replying to @pcwalton @BRIAN_____ and
This conversation started with particular password comparison failure. If such tmp done naively with `==` - it is as secure as strcmp.
3 replies 0 retweets 1 like -
Replying to @indutny @BRIAN_____ and
The problem is that C encourages use of strncmp because you get strings off the wire that aren’t 0-terminated.
2 replies 1 retweet 1 like -
And strncmp is a footgun. It looks like it compares a slice (in Rust terms) to a string. But it actually only checks for a shared prefix.
2 replies 1 retweet 4 likes -
And strncpy was invented for Unix directory entry (`struct direct`) ancient 14-char filenames, NUL-padded but not necessarily terminated!
1 reply 4 retweets 3 likes -
Replying to @BrendanEich @pcwalton and
All this old C junk has been trouble. The Morris Worm relied on gets which is by design a buffer overflow prone API. Isn't it past time to +
1 reply 2 retweets 4 likes -
Replying to @BrendanEich @pcwalton and
ring-fence strncmp same as gets and strncpy, move from warnings to throwing, and get rid of them? Easier to do in siloed C code than in JS.
3 replies 2 retweets 1 like
Agreed! *If* C had a proper struct {ptr, len} string API, I agree my criticism of it would be bogus.
Replying to @pcwalton @BrendanEich and
my fav is strnlen http://man7.org/linux/man-pages/man3/strnlen.3.html …
0 replies 0 retweets 1 like