From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: * X-Spam-Status: No, score=1.3 required=5.0 tests=BAYES_00,INVALID_MSGID, MSGID_RANDY autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,32a9c4641bed19de X-Google-Attributes: gid103376,public From: Robert Dewar Subject: Re: FY Ammo: Study about Security Bugs Date: 1999/11/26 Message-ID: <81m2r3$ba0$1@nnrp1.deja.com>#1/1 X-Deja-AN: 553262871 References: <81k5oi$44k$1@nnrp1.deja.com> X-Http-Proxy: 1.0 x26.deja.com:80 (Squid/1.1.22) for client 205.232.38.14 Organization: Deja.com - Before you buy. X-Article-Creation-Date: Fri Nov 26 13:44:03 1999 GMT X-MyDeja-Info: XMYDJUIDrobert_dewar Newsgroups: comp.lang.ada X-Http-User-Agent: Mozilla/4.04 [en] (OS/2; I) Date: 1999-11-26T00:00:00+00:00 List-Id: In article , lutz@iks-jena.de (Lutz Donnerhacke) wrote: > * Robert Dewar wrote: > >1. If checks are on, out of range subscripts will be caught > >by exceptions. > > And if they are not caught, ... we have a Buffer/Range-Overflow in Ada. No, read my message more carefully. The buffer overflows in C come from a certain style of low level programming that is foreign to Ada, and in practice this kind of error is FAR less likely to occur in Ada programs. The style of free use of pointers, pointer arithmetic, and obviously dangerous unchecked routines like memcpy leads to a situation in C where the path of least resistance is to write code susceptible to the kind of buffer overruns that are discussed here. A typical Ada program will be programmed at a different level where it is far less likely that the programmer will make a similar mistake Sent via Deja.com http://www.deja.com/ Before you buy.