installation

However, they are easy enough to fix in C. A routine search for str...() functions, followed by edits that replace them with equivalent strn...() functions each time you revisit some of your older code, is very easy and should catch most problems.

I've found that searching for strcat, strcpy, sprintf and vsprintf does the job for me. The script is designed for easy extension if I find that there are library functions I need to include.

I implemented the scan in awk and drive it from a bash script called 'sanitiser'. This walks the complete source code tree while building a list of source files that need attention. I hand the list to my favourite editor by running "$EDITOR $( sanitiser )" - At the same time the script builds a file showing the lines needing attention in a hints file that can be opened in a separate window and read in parallel with editing the source.

--
martin@   | Martin Gregorie 
gregorie. | Essex, UK 
Reply to
Martin Gregorie
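
The scan described in the post above, as an added example that is not Martin Gregorie's 'sanitiser' script: a find/awk pass that prints the files needing attention and writes a per-line hints file. The names scan_tree and make_sample, the hints format and the sample sources are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script. Line-based heuristic: it also
# flags matches inside comments and string literals.

# Functions to flag (the four named in the post); extend with more |names.
UNSAFE_FUNCS='strcat|strcpy|sprintf|vsprintf'

# scan_tree DIR HINTS_FILE
# stdout: each file with a hit, once (suitable for "$EDITOR $(...)").
# HINTS_FILE: one "file:line: source text" record per hit.
scan_tree() {
    : > "$2"
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) -exec \
        awk -v funcs="$UNSAFE_FUNCS" -v hints="$2" '
            # Require a non-identifier character before the name, so
            # my_strcpy( is not reported as strcpy(.
            BEGIN { re = "(^|[^A-Za-z0-9_])(" funcs ")[ \t]*[(]" }
            $0 ~ re {
                printf "%s:%d: %s\n", FILENAME, FNR, $0 >> hints
                if (!(FILENAME in seen)) { seen[FILENAME] = 1; print FILENAME }
            }' {} + | sort
    sort -t: -k1,1 -k2,2n -o "$2" "$2"
}

# Constructed sample tree (not from the thread) so the example runs offline.
make_sample() {
    mkdir -p "$1/src"
    printf '%s\n' '#include <string.h>' \
        'void join(char *d, const char *a, const char *b) {' \
        '    strcpy(d, a);' \
        '    strcat (d, b);' \
        '}' > "$1/src/old.c"
    printf '%s\n' '#include <stdio.h>' \
        'void show(char *d, size_t n, int v) { snprintf(d, n, "%d", v); }' \
        'void copy(char *d, const char *s) { my_strcpy(d, s); }' \
        > "$1/src/clean.c"
    printf '%s\n' '#include <stdarg.h>' \
        'void fmt(char *d, const char *f, va_list ap) { vsprintf(d, f, ap); }' \
        > "$1/src/fmt.c"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_tree "$demo_dir" "$demo_dir/hints.txt"   # files needing attention
cat "$demo_dir/hints.txt"                      # line-level hints
rm -rf "$demo_dir"
```

Paths containing spaces or colons are not handled; the file list is meant for word-splitting by the shell, as in the editor invocation quoted in the post.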

It could be argued that the real root of the problem is not using Harvard architecture designs with separate instruction and data spaces. But there's no way back; the only way is forwards, and that means coping with the past as it happened.

--
Steve O'Hara-Smith                          |   Directable Mirror Arrays 
C:>WIN                                      | A better way to focus the sun 
Reply to
Ahem A Rivet's Shot

Indeed, and the same thought was forming in my brain as you were probably writing that.

However there are advantages to being able to mix code and data.

I am not sure if a basic multitasking scheduler could be built without the ability to use data to modify code, as it were. Still, it's early, so I could well be wrong there.

--
No Apple devices were knowingly used in the preparation of this post.
Reply to
The Natural Philosopher

This is of course true. But the very idea of 'have to remember' when a compiler can do that for you is icky - in my point of view.

To get back on the pi-track, I have written several things in Python, from utilities to small bot-systems betting on UK/IE horse races, but the lack of a compiler makes me make mistakes (like indentation, or trying to print an int on stdout without conversion) which then become run-time crashes.

Yes I do know about pylint, but it has to be configured and set up, which I don't HAVE to do, thus I don't do it.

A strict compiler, that is my best friend.

Reply to
Björn Lundin

Clever. But really. Should one have to resort to this? Strict compilers for the people, please.

Reply to
Björn Lundin

I do agree. That picks up most of the inadvertent casting issues.

But it doesn't pick up buffer overflows.

Over the years I have basically asked myself two questions

(a) Is it possible the data going in this buffer could be larger than the buffer? (b) If so, what would happen if I restricted the data to the buffer size, or threw an error?

There are other options, like always using malloced data after doing a len() or strdup or whatever, but these all imply that you already have the data in a suitably large buffer.

If it's coming in a byte at a time, you have to accept the overhead of checking if it's out of bounds... but that is better than having run time checking enforced by the language whether you need it or not.

--
No Apple devices were knowingly used in the preparation of this post.
Reply to
The Natural Philosopher

formatting link

Reply to
A. Dumas

If the compiler knows enough, that is if you have a strongly typed language, the effect will actually be that some run time checks are eliminated.

A simple for loop in C over an array

int len = 200;
int data[len];

for (int i=0; i

Reply to
Björn Lundin

I have looked at the download of Raspbian and nowhere can I see what version it is. How do I know it will be Jessie? I have a new FAT32 formatted micro SD card which I can use. As I remember, the card I have in use at the moment was bought preloaded when I bought the Pi2 and has nothing of value on it except the WiFi and printers are set up.

Malcolm

--
T M Smith 
Using an ARMX6 and RISC OS 5.21 in the North Riding of Yorkshire
Reply to
T M Smith


For French speaking people we have the 2016-02-09-raspbian.zip available. It's noted to be Jessie "2016-02-09-raspbian-jessie.img"

--
Jean-Pierre Kuypers
Reply to
Jean-Pierre Kuypers

Thanks Jean-Pierre. Currently updating but stuck at the Wolfram Engine - waiting for headers, as others have mentioned. It is Jessie that is being downloaded but not sure what version.

Malcolm

--
T M Smith 
Using an ARMX6 and RISC OS 5.21 in the North Riding of Yorkshire
Reply to
T M Smith

And the return address is data, so it's still vulnerable. Most programs can be induced to commit mischief by suitably altering the return address.

--
-michael - NadaNet 3.1 and AppleCrate II:  http://michaeljmahon.com
Reply to
Michael J. Mahon

True. Security bugs are the result of sloppy programming. C just makes sloppiness easy. ;-)

Think of C as a gun without a safety...convenient but dangerous in undisciplined hands.

--
-michael - NadaNet 3.1 and AppleCrate II:  http://michaeljmahon.com
Reply to
Michael J. Mahon

The current NOOBS installs Jessie & is probably the easiest option.

--
DOS Air: 
All the passengers go out onto the runway, grab hold of the plane, push it 
Reply to
alister

I shut down then rebooted and everything zooming along. When it was stalled the green 'activity LED' was giving a very slow weak pulse but its usual bright self at present

Malcolm

--
T M Smith 
Using an ARMX6 and RISC OS 5.21 in the North Riding of Yorkshire
Reply to
T M Smith

It. Is. Right. There. WTF.

formatting link

Reply to
A. Dumas

Some of the other download sites perhaps are not as clear? Anyway, even with the specified site, it's usually good practice to install updates, etc. via apt-get.

Reply to
Charlie

Yes, I did find this after my post.

--
T M Smith 
Using an ARMX6 and RISC OS 5.21 in the North Riding of Yorkshire
Reply to
T M Smith


I have now found a Web page explaining all that you want to know but didn't dare ask...

--
Jean-Pierre Kuypers
Reply to
Jean-Pierre Kuypers
