From: John Nagle (nagle_at_[hidden])
Date: 2004-05-06 01:43:17
Reece Dunn wrote:
> There is currently a static-sized array in the Boost library that allows
> you to operate on arrays of fixed size. I was wondering if something
> similar exists for strings, in particular, providing buffer-overflow
> safe string operations.
> I have an nstring< std::size_t n > string class that provides size-safe
> copying and comparison, allowing for you to do things like:
That's an excellent direction in which to be moving.
How far can we go in replacing unsafe C strings? With
the endless reports of buffer overflow exploits, anything
that can be done in that direction would help.
I'd suggest a class with the following properties:
Fixed-allocated strings, with length information.
No calls to "new".
Supports most of the operations allowed for STL strings.
Also supports the "classic" C string operations, like
"sprintf", "strlen", etc., using the classic C syntax for them.
Implicit conversion to "const char*", but not "char *", for
compatibility with existing library calls.
Fully protected against overflow.
It might also be worthwhile to provide "sprintf", "strlen", etc.
for STL strings.
The basic idea is that this should be retrofittable to old code
without major efforts. Ideally, you go through the code with
a program, replacing "char foo[nnn]" with "char_array<nnn> foo",
and "char *" with "char_array&", and it mostly works. Everything
that doesn't work gets a compile-time error. You fix all the compile
time errors, and your program is overflow-proof, at least in
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk