
Good news. Arrays have sizeof(arr)/sizeof(arr[0]) elements and strings have strlen(str) letters.

.. until you pass them as a function argument. And strlen() only works if your null terminator is valid, and doesn't tell you anything about available space in the string buffer for adding to the string.

This kind of thing keeps coming up in vulnerability reports.

This happens because people don't use the tools properly.

If different people keep chopping into themselves with a power tool it's probably wise to consider a safety guard.

Wrong is still wrong, and if someone did it, they did it wrong.

This really isn't complicated. It's hardly obscure. There's no excuse.

They should be using Ada instead of C, amiright /s

I have no way of knowing what they should use.
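The limits raised in the thread above (sizeof losing the element count once an array is passed to a function, and strlen saying nothing about remaining capacity or a missing terminator), as an added example that is not from any commenter. `COUNT_OF`, `size_seen_by_callee` and `bounded_append` are hypothetical names, and the sample buffers are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Element count: valid only where arr is still an array, not a pointer. */
#define COUNT_OF(arr) (sizeof(arr) / sizeof((arr)[0]))

/* A parameter written `const char buf[]` has this same pointer type, so
 * sizeof here is the pointer size; the caller's element count is gone. */
size_t size_seen_by_callee(const char *buf) {
    return sizeof(buf);
}

/* Hypothetical helper: append src to dst, whose total capacity is cap bytes.
 * Returns 0 on success, -1 if dst has no terminator within cap or if the
 * result would not fit. dst is left unchanged on failure. */
int bounded_append(char *dst, size_t cap, const char *src) {
    const char *end = memchr(dst, '\0', cap);  /* never reads past cap */
    if (end == NULL)
        return -1;                             /* terminator missing */
    size_t used = (size_t)(end - dst);
    size_t need = strlen(src);                 /* assumes src is a valid C string */
    if (need >= cap - used)                    /* need + 1 bytes must fit */
        return -1;
    memcpy(dst + used, src, need + 1);         /* copies the terminator too */
    return 0;
}

int main(void) {
    char name[8] = "abc";                      /* constructed sample buffer */
    printf("caller sees %zu elements, callee sees %zu bytes\n",
           COUNT_OF(name), size_seen_by_callee(name));
    printf("append \"defg\": %d\n", bounded_append(name, sizeof name, "defg"));
    printf("append \"h\":    %d\n", bounded_append(name, sizeof name, "h"));

    char raw[4] = {'a', 'b', 'c', 'd'};        /* constructed: no terminator */
    printf("append to unterminated buffer: %d\n",
           bounded_append(raw, sizeof raw, "x"));
    return 0;
}
```

The capacity has to travel with the pointer as an explicit argument; nothing in the callee can recover it.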
