"When C is your hammer, everything looks like a thumb"

Banned C standard library functions in Git source code:

@fribbledom insteresting that scanf family is not in the list :blobthinkingcool:

Why would they ban sprintf and strcpy? Those are just standard!

@fribbledom a nice feature would also be to show a safe alternative like

#define strncpy(x,y,n) BANNED(strncpy, strlcpy)
"strncpy is banned, use strlcpy"

@gudenau @fribbledom If you code with the intention of bounds checking it shouldn't be that hard. If you decide to add bounds checking after the fact it's kinda shit or miss.

@gudenau @fribbledom Only reason I can think of is that they weren't formally taught, just as I was never formally taught. Then, I've never programmed professionally. It's not like it's optional in professional programming now.

@AskChip @fribbledom I was never formally taught and I was never coding in a professional environment.

@gudenau @fribbledom I'd always read about the exploits and their methods so bounds checking seems like a total necessity.
You can always tell the difference between those who only program for money and those who learned it because it's interesting. Those that find it interesting usually pay more attention to details like making sure things don't overwrite data and/or change program flow.

@AskChip @fribbledom Heck, yesterday I read some documentation on a realloc type method. It used a buffer that contained a limit and pointer, but I dug into the code to make sure it did what it said. :V

@fribbledom Haha, I *just* fixed a strcpy bug in someone else’s code this morning. I replaced strcpy with strncpy though, but I see that’s banned too.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!