Follow

"When C is your hammer, everything looks like a thumb"

Banned C standard library functions in Git source code:

github.com/git/git/blob/master

@fribbledom insteresting that scanf family is not in the list :blobthinkingcool:

Why would they ban sprintf and strcpy? Those are just standard!

@fribbledom a nice feature would also be to show a safe alternative like

#define strncpy(x,y,n) BANNED(strncpy, strlcpy)
->
"strncpy is banned, use strlcpy"

@gudenau @fribbledom If you code with the intention of bounds checking it shouldn't be that hard. If you decide to add bounds checking after the fact it's kinda shit or miss.

@gudenau @fribbledom Only reason I can think of is that they weren't formally taught, just as I was never formally taught. Then, I've never programmed professionally. It's not like it's optional in professional programming now.

@AskChip @fribbledom I was never formally taught and I was never coding in a professional environment.

@gudenau @fribbledom I'd always read about the exploits and their methods so bounds checking seems like a total necessity.
You can always tell the difference between those who only program for money and those who learned it because it's interesting. Those that find it interesting usually pay more attention to details like making sure things don't overwrite data and/or change program flow.

@AskChip @fribbledom Heck, yesterday I read some documentation on a realloc type method. It used a buffer that contained a limit and pointer, but I dug into the code to make sure it did what it said. :V

@fribbledom Haha, I *just* fixed a strcpy bug in someone else’s code this morning. I replaced strcpy with strncpy though, but I see that’s banned too.

@fribbledom
Personally, I'd just switch the language. C is hard to master.

(Yes, it's not that easy, I know. But using a language that forces you to do many things right, and includes a lot of checks [e.g. Golang], is IMHO better than trying to make an existing language safer)

@KopfKrieg @fribbledom Yay another Gopher!

One of the things that I love from the C++ STL is that operators are defined on the type, not on the container. That would've made generics easier without resorting to runtime overloading (which is very un-Go-y)

Also, there are oddly special functions for standard types in Go - why is there both sort.Sort() and sort.Slice()?

I love the packages concept though.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!