Poxy old computers (was RE: [extropy-chat] SPACE: Spirit Problems)
Harvey Newstrom
mail at HarveyNewstrom.com
Tue Feb 3 01:21:54 UTC 2004
On Monday, February 2, 2004, at 05:50 pm, Emlyn O'regan wrote:
> Adrian wrote:
>> including the
>> "nevers" such as strcpy instead of strncpy (or, at
>> least, strcpy into a buffer that could be smaller than
>> necessary).
>
> You can fix a lot of these kinds of problems, also, by only writing in C
> when there is absolutely no alternative. Which is really rather seldom.
Actually, this is not true. Other computer languages have the same
basic computer problems as C, usually. They just hide them from the
user. For example, C has pointers that tell you where a string starts.
If a pointer is null or points to the wrong spot, you can have a
problem. Java doesn't have pointers defined in the language. Most
people believe that Java therefore doesn't have pointers in the
programs. Not so! The Java compiler does indeed use pointers, just as
all machine-language compiled code does. It just does not provide any
language equivalent to discuss them or utilize them. Java programs can
still crash with a null-pointer error, which confuses Java people who
think it has no pointers.
Another example: In C, a string of characters is an array of
characters. So the variable NAME_ONE is really a pointer to a series
of characters. In C, if you set NAME_TWO to equal NAME_ONE, only the
pointer is copied. Both variables point to the same sequence in
memory. Thus, any changes to NAME_ONE magically appear changed in
NAME_TWO, because they really are overlapping memory spaces. Guess
what? Java does the same thing. Only without the pointers, it isn't
clear. Declare a Java string called NAME_ONE. Declare another
variable called NAME_TWO and set it equal to NAME_ONE. Surprisingly,
any change to one variable appears in the other. Many Java programmers
don't know this, because they don't know how the underlying pointers
and structures are being used.
It is not clear to me if Java fixes the problems of C, or just hides
them so they are harder to see.
--
Harvey Newstrom, CISSP, CISA, CISM, IAM, IBMCP, GSEC
Certified IS Security Pro, Certified IS Auditor, Certified InfoSec Manager,
NSA Certified Assessor, IBM Certified Consultant, SANS Certified GIAC
<HarveyNewstrom.com> <Newstaff.com>
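
Added example, not part of the original message: a C sketch of the two C behaviours discussed in this thread, namely that assigning one string pointer to another shares the same storage, and that copying into a fixed buffer needs an explicit bound and terminator (strncpy alone does not add one when the source fills the buffer). The helper name `bounded_copy` and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (capacity dst_size) and always
 * NUL-terminate. Returns 0 on success, -1 on truncation or bad arguments. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = strlen(src);
    size_t n = len < dst_size ? len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len < dst_size ? 0 : -1;
}

/* Assigning a pointer copies only the address: a write through name_two
 * is visible through name_one. Returns 1 when that is observed. */
int alias_shares_storage(void)
{
    char name_one[16] = "alice";      /* constructed sample value */
    char *name_two = name_one;        /* no characters are copied */
    name_two[0] = 'A';
    return name_one[0] == 'A';
}

/* Copying the characters gives independent storage. Returns 1 when a write
 * to the copy leaves the original unchanged. */
int copy_is_independent(void)
{
    char name_one[16] = "alice";
    char name_two[16];
    if (bounded_copy(name_two, sizeof name_two, name_one) != 0)
        return 0;
    name_two[0] = 'A';
    return name_one[0] == 'a' && name_two[0] == 'A';
}

/* strncpy stops at the bound but writes no terminator when the source is
 * at least as long as the bound. Returns 1 when buf holds no NUL byte. */
int strncpy_leaves_unterminated(void)
{
    char buf[5];
    strncpy(buf, "0123456789", sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    printf("alias=%d copy=%d unterminated=%d\n", alias_shares_storage(),
           copy_is_independent(), strncpy_leaves_unterminated());
    return 0;
}
```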