[Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Oct 1 18:51:22 BST 2007
On Mon, 01 Oct 2007 13:33:20 EDT, wac said:
> >
> > If I use strcpy() to read user input into a buffer, I am at fault and
> > not C compiler.
>
>
> I don't think that's a fair comparison.
> If you make the right algorithm and you do not get the expected
> results *is* not
> your fault but what are you sitting at (compiler, framework, library ...).
No, it's still your fault. The *actual* semantics of strcpy() are well
documented - if you use it incorrectly because your mental model of what the
"expected" results is broken, you're to blame.
It's only the library's fault if the provided strcpy() does not in fact
provide the actual documented semantics. It isn't required to implement
the semantics the programmer *thought* it had.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071001/1276e9ec/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.