Most buffer overflow problems in C can be traced directly back to the standard C library. The worst culprits are the problematic string operations that do no argument checking (strcpy, strcat, sprintf, gets). Generally speaking, hard and fast rules like "Avoid strcpy()" and "Never use gets()" are close to the mark.
Programs written today still make use of these calls, because developers are never taught to avoid them. Some people pick up a hint here and there, but even good developers can screw up. They may use homegrown checks on the arguments to dangerous functions, or incorrectly reason that the use of a potentially dangerous function is "safe" in some particular case.
Because it is about the same as what this person says.
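To make the quoted point concrete, here is an added C example (not code from the original post or from the book being quoted). It puts the unchecked strcpy pattern next to a bounded copy that always NUL-terminates and reports truncation, and it shows the kind of "homegrown check" the passage warns about: a length test that is off by one because it forgets the terminator. All names (bounded_copy, homegrown_check_accepts, correct_check_accepts, copy_truncated) and the 8-byte buffer size are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example: the classic unchecked pattern. If src is longer than
 * 7 bytes, strcpy writes past the end of buf. */
void unchecked_copy(const char *src)
{
    char buf[8];
    strcpy(buf, src);          /* no bound on how much is written */
    (void)buf;
}

/* Bounded replacement for strcpy: copies at most dst_size-1 bytes and
 * always NUL-terminates. Returns strlen(src), so a return value
 * >= dst_size tells the caller that the input was truncated. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t src_len = strlen(src);
    if (dst_size == 0)
        return src_len;
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

/* A typical homegrown argument check that is wrong by one byte: it
 * accepts an input exactly as long as the buffer, leaving no room for
 * the terminating NUL that strcpy will still write. */
int homegrown_check_accepts(size_t buf_size, const char *input)
{
    return strlen(input) <= buf_size;   /* should be strictly less than */
}

/* The correct check: the string plus its terminator must fit. */
int correct_check_accepts(size_t buf_size, const char *input)
{
    return strlen(input) < buf_size;
}

/* Copies src into a fixed 8-byte buffer with bounded_copy and reports
 * whether it was truncated (1) or fit entirely (0). */
int copy_truncated(const char *src)
{
    char buf[8];
    return bounded_copy(buf, sizeof buf, src) >= sizeof buf;
}

int main(void)
{
    /* Constructed sample inputs: one that fits and one that does not. */
    const char *ok_input  = "hello";
    const char *bad_input = "hello, world";

    printf("\"%s\" truncated: %d\n", ok_input,  copy_truncated(ok_input));
    printf("\"%s\" truncated: %d\n", bad_input, copy_truncated(bad_input));
    printf("homegrown check accepts 8-byte input into 8-byte buffer: %d\n",
           homegrown_check_accepts(8, "12345678"));
    printf("correct check accepts it: %d\n",
           correct_check_accepts(8, "12345678"));
    return 0;
}
```

The return value of bounded_copy is what makes it usable in practice: the caller can detect the truncated case and reject the input rather than silently working on a shortened string. The off-by-one in homegrown_check_accepts is exactly the sort of reasoning error the quoted passage describes, where a developer believes a strcpy call is "safe" because a check exists, while the check itself is wrong.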