Please create an account to participate in the Slashdot moderation system


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Re:Sitting too much ages you by 8 years (Score 1) 147

And jogging and bicycling increases your chances to get fatally hit by an automobile, train or plane.

I wondered about that a while back, so I did some investigation into the odds. It turned out that the risk of riding a bike is in the same ballpark as riding in a car when measured on a per-hour basis.

While the risks aren't insignificant, they turned out to be clearly better than the risk of being out of shape and keeling over prematurely from a heart attack or similar problem.

I do avoid some of the things that probably skew the cycling risk numbers higher, such as riding at night, or riding on hilly country roads that lack shoulders.

Comment Re:I get this... (Score 1, Informative) 406

The food in the buffet is inedible - I wouldn't feed it to hogs.

That's funny... that's exactly what they do.

I saw a segment on some TV show a few years ago that featured a guy who collects the abundant leftover buffet food from Las Vegas hotels, mixes it all together, and then delivers it to hog farms. The animals did seem to be enjoying it quite a bit.

Comment Re:Search engine? (Score 1) 286

So you've avoided the need for another function by requiring the user to add *two* separate manual fixups to each call of the most common use case. Do you realize how stupid that is?

Of course, the best practice is to forbid the use of strncpy at all in coding standards, which then involves what you said you wanted to avoid: writing your own function.

I'm not the only one to point this out. Here's the discussion of strncpy from Wikipedia:

Despite the well-established need to replace strcat[10] and strcpy[6] with functions that do not allow buffer overflows, no accepted standard has arisen. This is partly due to the mistaken belief by many C programmers that strncat and strncpy have the desired behavior; however, neither function was designed for this (they were intended to manipulate null-padded fixed-size string buffers, a data format less commonly used in modern software), and the behavior and arguments are non-intuitive and often written incorrectly even by expert programmers.

Comment Re:Search engine? (Score 1) 286

As I said, "sound practice" involves not using that damned function at all. Why do you defend the design of an API that requires you to add an extra line of mitigation code every time you use it?. And why would you accept the performance hit of the extraneous zero padding? It's most likely worse than any of the bounds checking you're so worried about. But an actual "real programmer" would know that.

Comment Re:Search engine? (Score 1) 286

It the function were named "copyTeminatedStringTo_UNTERMINATED_memoryBuffer()", then you'd have a point.

As it is, this non-string function is named just like all of the actual terminated string functions. So you can save your insults; *I* know about this C library fail (along with scores of other fails), but this problem usually crops up multiple times in any significant project with more than a couple of team members. So much so that it's best to prohibit the use of this function altogether in coding standards, and replace it with a home-grown function that does what people actually expect.

Attempts to "fix" the problem by fudging the buffer and setting characters are just asking for fencepost errors. Not to mention the performance penalty for needlessly zeroing out any empty space after the string.

Comment Re:Search engine? (Score 1) 286

Yes, you would naturally assume that best practice is to artificially adjust the buffer length, and to execute a separate statement to add a null char *every* time you call one particular library routine, especially if most every other library routine that starts with "str" does set the null terminator unconditionally and doesn't require you to fudge the buffer length.

Or at least you might assume that if you were an imbecile.

Comment Re:Search engine? (Score 2) 286

That's nice that you have the optional local documentation installed for the C libraries, so you can find out that strncpy() doesn't do what any reasonable person would assume it does without searching the web. (Do you have the POSIX versions installed as well? Sometimes it conflicts with the Linux version, and both can be extremely vague. For those entries, you might have to start searching the web.)

Not to mention that many if not most of the gotchas are in the core language, and man pages won't help you much there.

Comment Re:Search engine? (Score 2) 286

If C developers aren't searching for C info, they ought to be. People may think that C is simple, but it's full of hidden gotchas.

For example, strncpy() doesn't actually do what any reasonable person would assume it does. Using it in the wrong "obvious" way can result in bugs that won't easily be found during testing. There are hundreds more land mines like that sprinkled throughout the C ecosystem, and they all need to be reviewed repeatedly before one can be considered an experienced developer.

Slashdot Top Deals

There are no games on this system.