Answer the question
In order to leave comments, you need to log in
Why can't c++ get rid of buffer overflows?
I don’t know much about C (or C++), but I can’t understand why C (and, or C++) remains the most popular language in the world, without which no big project can do, and at the same time vulnerable, why they can’t get rid of strcpy, this function even has its own page on Wikipedia, and its similar ones, just remove it from the sources, in the new version, for example, C ++ 12 (or C compiler X).
After all, half of the exploits are for overflow, but you can get rid of all of them by simply checking the length, or I don’t know something.
Answer the question
In order to leave comments, you need to log in
REVERSE COMPATIBILITY, heard?
You can't just take and remove this feature.
That is why new ones are added and advised to use them.
Why get rid of strcpy? It's simple and efficient, like most of the C language. Checking the length of a string for each character, or just an additional check, is a check and, as a result, wasted time. With a certain programming culture, code coverage with tests (including those with random data), reviews, and the use of static and dynamic analysis tools, risks can be minimized. In return, you get a fast and lightweight code, with almost no overhead. Due to the lack of an overhead (heavy runtime), this language is popular for all sorts of system things (I'm still skeptical about Rust) + a lot of code has already been written in it and it needs to be maintained + many library interfaces are written in C due to possible problems with ABI, in the case of C++, for example, etc.
In C++, things are different, and you shouldn't interfere (let alone confuse) it with C (well, only if you need to pull something systemic in the depths of your code or write bindings for the C library).
By itself, strcpy is normal, they just don't know how to use it correctly. And it does nothing to prevent misuse. But it is faster than its safer counterparts.
Improved strncpy reduces misuses.
But if execution speed is important to you, and you are sure that you understand well how the function works and have done everything necessary so that the function does not work incorrectly, then why not use strcpy?
Why can't c++ get rid of buffer overflows?
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question