Using SafeStr in C

Question

Using SafeStr in C

I read about using safe strings in the next place

https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=5111861

This is indicated below.

When used correctly, SafeStr strings can resolve many of these errors and provide backward compatibility with legacy code.

My question is what does the author mean "ensure backward compatibility with legacy code."? Ask for an example.

Thank you for your time and help.

+4

c

venkysmarty Apr 9 '13 at 14:24

source share

2 answers

From this page:

The library is based on the safestr_t type, which is fully compatible with char *. This allows you to overlay safestr_t structures on char *.

This is some backward compatibility with all existing code that accepts char * or const char * pointers.

+3

user9876 Apr 9 '13 at 14:29

source share

Prof. · Accepted Answer · 2013-04-09T14:28:06+0000

This means that functions from the standard libc (and others) that expect simple, endlessly completed char arrays will work even on those SafeStr s. This is probably achieved by setting the control structure with a negative offset (or some other trick) from the beginning of the line.

Examples: strcmp() printf() , etc. can be used directly in strings returned by SafeStr.

On the contrary, there are other string libraries for C that are very smart and dynamic, but these strings cannot be sent without conversion to the old-school functions.

Using SafeStr in C

More articles: