On Mon, 01 Oct 2007 13:33:20 EDT, wac said: > > > > If I use strcpy() to read user input into a buffer, I am at fault and > > not C compiler. > > > I don't think that's a fair comparison. > If you make the right algorithm and you do not get the expected > results *is* not > your fault but what are you sitting at (compiler, framework, library ...). No, it's still your fault. The *actual* semantics of strcpy() are well documented - if you use it incorrectly because your mental model of what the "expected" results is broken, you're to blame. It's only the library's fault if the provided strcpy() does not in fact provide the actual documented semantics. It isn't required to implement the semantics the programmer *thought* it had.
Attachment:
pgpNE4yjHQpr7.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/