February 12th, 2004, 08:43 PM
Why do Buffer Overflows still exist?
I'm sure this is a stupid question, but to me it seems quite simple. Just check your buffers.
I know that a lot of older programs use things like strcpy and the like, which don't have any sort of protection, however, why do they still exist in current applications?
Thanks for any help.
February 12th, 2004, 08:44 PM
Because programmers are human and make mistakes due to pressure to get out code quickly rather than in a full stable/secure form?
February 12th, 2004, 08:55 PM
It's a complexity thing too.
I'm participating in writing an EPoS system with another 2 developers, which is so far > 150k lines of code.
Because of that complexity I can't be sure my code interacts with other people's code in the way I would predict.
And that's how the problems creep in.
Scale that up to several millions of lines of code and hundreds of developers and problems of this kind become nearly a statistical certainty.
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
February 12th, 2004, 10:50 PM
Great. Thanks, I knew that there had to be some reason.
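The "check your buffers" idea from the thread, as an added example that is not part of any post: a bounded replacement for strcpy placed at the boundary between two modules, where each side's length assumption is correct on its own. The struct, the field size and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define SKU_FIELD 8  /* hypothetical field size chosen by the receipt module */

struct receipt_line {            /* hypothetical record, for illustration */
    char sku[SKU_FIELD];
    int  qty;
};

/* Checked copy: 0 on success, -1 if src plus its NUL does not fit in dst.
 * On failure dst becomes the empty string, never a truncated value. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(nul - src) + 1);   /* +1 copies the NUL */
    return 0;
}

/* Receives a SKU from another module. strcpy(line->sku, sku) here would write
 * past sku[] for any longer string; this reports the mismatch instead. */
int receipt_set_sku(struct receipt_line *line, const char *sku)
{
    return copy_checked(line->sku, sizeof line->sku, sku);
}

int main(void)
{
    struct receipt_line line = { "", 3 };
    /* Constructed inputs: exact fit (7 chars + NUL), then one that is too long. */
    const char *inputs[] = { "AB-1234", "AB-1234-XL" };
    for (int i = 0; i < 2; i++) {
        int rc = receipt_set_sku(&line, inputs[i]);
        printf("%-10s rc=%d sku=\"%s\" qty=%d\n", inputs[i], rc, line.sku, line.qty);
    }
    return 0;
}
```

The check only helps if every caller acts on the return value, which is the kind of cross-module agreement the complexity post describes.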