Re: NSTableView - populating from C procedure
Re: NSTableView - populating from C procedure
- Subject: Re: NSTableView - populating from C procedure
- From: Graham Cox <email@hidden>
- Date: Thu, 23 Jul 2009 16:38:42 +1000
On 23/07/2009, at 4:25 PM, Alexander Bokovikov wrote:
I can it understand, when viruses send something illegal to a
webserver, which has flaws in the request processing routine, but in
my case it's an internal function, which, of course, should check
the buffer size, but how it could be accessible for a virus?
If it checks the buffer size and the string size, it should be OK. Not
all dialects of C have historically supported sizeof() for stack-based
buffers but I think all modern ones do. My warning was of a very
general nature, and may not apply to your app. But every time you
declare buffer space as a stack array, you should mentally consider
whether a buffer exploit might be possible there.
--Graham
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden