On Fri, Jun 21, 2013 at 3:39 PM, Tom Rondeau<address@hidden> wrote:
On Fri, Jun 21, 2013 at 12:41 PM, Marcus D. Leech<address@hidden> wrote:
There are safe uses for unconstrained string functions. Just, well, not
very many...
--
Marcus Leech
No. Never, ever, ever is it ok. I say this using a strlen call now...
(but it's against strings that are hard-coded into our files by us, so
if that breaks, we have only ourselves to blame).
Also, just pushed a fix. This should take care of things.
Tom
Pardon my ignorance here, but would someone mind explaining this a
little more? My intuition is saying that it's unsafe to use strcmp on
user input because there's no checking that there is in fact a sane
string (null terminated), but I haven't been around long enough to be
sure that's the issue or if there's just something more sensible in
boost.
I'd be happy with a link on the topic; I couldn't find anything useful googling.
-Nathan