[CLUE-Tech] OT: C code security - what to look for?

Matt Gushee matt at gushee.net
Sun Aug 10 21:02:13 MDT 2003 

On Sun, Aug 10, 2003 at 12:51:55PM -0600, Match Grun wrote:
> 
> Have you considered starting a SourceForge project for your OCAML stuff?
> I just checked to find about 20 something projects for OCAML there.

Yes, and I may do it for the GD wrapper. But, as I made a point of
saying in my post, I don't think I can rely on the community to get the
code where I want it when I want it. I've asked about this on the OCaml
mailing list, and the responses I got suggested that many people are
interested in having a good graphics library, but nobody was quite as
motivated as I am to do something about it.

On Sun, Aug 10, 2003 at 02:01:45PM -0600, Bruce Ediger wrote:

Lots of good stuff. Thanks.
> 
> I think that not developing and rigorously following a personal coding
> standard (including indentation and braces style) causes a lot of
> problems.  If you do certain things by habit, you won't screw them up
> very often.  Since you're an OCaml type, you should consider writing C as
> "functional" as possible.

Well, I don't know that I'm necessarily an "OCaml type." It is my
preferred language these days, but I've done a lot of work in Python, a
bit in Java, and played with several other languages. And actually,
having gotten started on this project, I find the logic and syntax of C
to be fairly simple. It's just the hidden gotchas that I'm concerned
about.

> Avoid "Hungarian Notation".

eOh, avDon't vWorry pAbout pnThat! I hate Hungarian Notation. But is
there a particular reason you brought that up?


On Sun, Aug 10, 2003 at 04:05:11PM -0600, David Anselmi wrote:
> >
> >Well, this isn't strictly a Linux question,
> 
> And I don't strictly have an answer...

How DARE you! ;-)

> >Here I am, the new maintainer of the OCaml interface to GD.
> 
> I assume that GD is written in C,

Yes; its home page <http://www.boutell.com/gd/> prominently states that
it is ANSI C.

> and you want to call its functions 
> from OCaml.  I've heard people talk about that before but never 
> understood how to do it.  E.g., you can use the Qt libs from Ada.

Well, like many other languages, OCaml provides support for interfacing
with C. There are headers defining useful macros and C representations
of OCaml datatypes, and there are compiler options for building wrapper
libraries.

> Can you post an example, or a pointer to somewhere that explains how to 
> do this?

Example: http://havenrock.com/pub/gd4o/gd4o-1.0a2.tar.gz  ;-)
         (if you do look at this, 'gdstubs.c' and the Makefile
          will be the most informative)
Explanation: http://caml.inria.fr/ocaml/htmlman/manual032.html

> >  What kinds of problems should I watch for (I know about buffer
> >    overruns ... what else?)?
> 
> Big topic.  Really what you want is to write quality code.  But if 
> you're writing an interface, isn't most of the code (and bugs) in the GD 
> library itself?

Well, I hope so. I'm just paranoid, because I've heard so much about the
horrible things that can go wrong with C and C++ (of course, I've heard
a lot of that from Java advocates--not the world's most unbiased
source).

-- 
Matt Gushee                 When a nation follows the Way,
Englewood, Colorado, USA    Horses bear manure through
mgushee at havenrock.com           its fields;
http://www.havenrock.com/   When a nation ignores the Way,
                            Horses bear soldiers through
                                its streets.
                                
                            --Lao Tzu (Peter Merel, trans.)

More information about the clue-tech mailing list