Re: Is this the ultimate stack-smash fix?

From: Florian Weimer (Florian.Weimer@RUS.Uni-Stuttgart.DE)
Date: Sat Feb 17 2001 - 05:47:20 EST (Eric W. Biederman) writes:

> There is another much more effective solution in the works. The C
> standard allows bounds checking of arrays.

The C standard does not allow reliable bounds checking on {signed,
unsigned, vanilla} char arrays, because the corresponding pointers can
address the individual bytes in each object, even the object which
follows the array. To implement things in an efficient manner, you
need fat pointers, which would make sizeof (long) /= sizeof (void *),
which would break quite some software, I think.

IMHO, C is a hopeless case in this area. Fortunately, there is a
number of other programming languages out there which do permit proper
bounds checking on arrays (and have strong, static typing and other
gizmos which make shooting yourself into the foot unintentionally a
bit more difficult).

Florian Weimer 	                  Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart 
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Fri Feb 23 2001 - 21:00:15 EST