Trend Micro: Open source is more secure | TalkBack on ZDNet

On BNET: Bag a raise in a recession

BNET Business Network:: BNET; TechRepublic; ZDNet

TalkBack 45 of 62:: Next »; « Previous

Thread View
Flat View

There's a problem with your version...: regarding sizeof in the malloc call:

char* myFunction(char *path, char *fname)
{
char* filename = (char*) malloc(sizeof(char*)*MAX_PATH); //problem here

strcpy(filename, path);
strcpy(filename, "\\"); //corrected
strcpy(filename, fname);

return filename;
}

The problem here is that your're using sizeof to get the number of bytes it takes to hold a char pointer(memory address), not a char. Since a char and a char* take up a different amount of space, you will most likely get the wrong amount of bytes needed with malloc, potentially over-stepping the memory obtained. And if you replace the last two strcpy calls with strcat, you get the desired results.

You may be right about his code being "dead code", but if I'm going to have dead code, it should at least be safe so I won't have to risk the compiler not catching it.

Anyways, thanks for the discussion. Hope we could do this again sometime. Cheers!; Posted by: Tony Agudo Posted on: 06/14/06 You are currently: a Guest | Members login | Terms of Use

Reply to Story No further replies to this post will be accepted.

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Trend Micro: Open source is more secure Loverock Davidson | 06/13/06

Loverock Davidson tried to make a funny............... Can you hear me | 06/13/06

It was funny Loverock Davidson | 06/13/06

Funny Richard Flude | 06/13/06

RE: Funny richdave | 06/13/06

Yeah Loverock Davidson | 06/13/06

Funny when I explain why Loverock Davidson | 06/13/06

BSD put a fork in it - never mind, already done. Roger Ramjet | 06/14/06

Now now Loverock Davidson | 06/14/06

I know you are, but what am I? Roger Ramjet | 06/14/06

Yep Loverock Davidson | 06/14/06

Find out what you're talking about bportlock | 06/14/06

You need to know what your talking about Loverock Davidson | 06/14/06

PLEASE!!! Stop feeding this troll! linux for me | 06/14/06

Stop feeding yourself? Loverock Davidson | 06/14/06

I agree mostly Roger Ramjet | 06/14/06

Does it bother you Loverock Davidson | 06/14/06

Roger... Tony Agudo | 06/14/06

Making fun of "stupid" is entertaining Roger Ramjet | 06/14/06

Also could be said Loverock Davidson | 06/14/06

dude - lovey is a girl not of this world | 06/14/06

I just happened to do updates on both an XP box and Linux box this morning George Mitchell | 06/14/06

You forgot one thing NonZealot | 06/14/06

You have the option to choose Loverock Davidson | 06/14/06

Not on updates marked critical when using 'Express Update' George Mitchell | 06/14/06

Great Boot_Agnostic | 06/13/06

The problem is still the number of new lines of code in Vista. Yes, they DonnieBoy | 06/13/06

please talk sense zzz1234567890 | 06/13/06

You mean... Henrik Moller | 06/13/06

Shoot, you beat me to it! Tony Agudo | 06/13/06

Since.... LinuxHippie | 06/14/06

You're close... Tony Agudo | 06/14/06

I noticed decon backed out Linux User 147560 | 06/14/06

I would hardly call that OS code code_Warrior | 06/14/06

I do know to read and write code. Do *nix fanboys know (including DonnieBoy zzz1234567890 | 06/14/06

You had to refer a book? Tony Agudo | 06/14/06

hey.... finally someone answers zzz1234567890 | 06/14/06

Actually... LinuxHippie | 06/14/06

Have you STILL not done your homework?? Zogg | 06/14/06

none from the open source community could answer this zzz1234567890 | 06/14/06

Actually... LinuxHippie | 06/14/06

Re: Actually... Tony Agudo | 06/14/06

Extra correction Tony Agudo | 06/14/06

yes...but LinuxHippie | 06/14/06

There's a problem with your version... Tony Agudo | 06/14/06

I think they were busy laughing at the "sophistication" of the Q... wink

wink

n michael_t | 06/15/06

too bad Linux aint as good zzz1234567890 | 06/14/06

TrendMicro feeling the heat zzz1234567890 | 06/13/06

let see here zzz1234567890 | 06/13/06

The Barbie Principle of Security michael_t | 06/13/06

you missed the point zzz1234567890 | 06/13/06

I'm curious zkiwi | 06/13/06

Security of Trend products. dtbullock | 06/14/06

All Hail King Tux ! st!lborn | 06/14/06

Forking as a security enhancement Roger Ramjet | 06/14/06

Anyone who uses OSS knows it's true Chad_z | 06/14/06

Hey I'm an MCSE voska | 06/14/06

asinine comment Flybyte | 06/14/06

And Trend is known for being a solid, reliable company. HypnoToad | 06/14/06

dinosaurs were a strong, powerful creatures zzz1234567890 | 06/14/06

"Open source is more secure" is NOT NEWS really. michael_t | 06/14/06

Pls slow down there fella's! What's the hurry happy

happy

.... ! michael_t | 06/15/06

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Popular Sanity Saver Videos

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More