Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Dark GDK / dbMid... useless?

Author
Message
Profit
18
Years of Service
User Offline
Joined: 19th Feb 2006
Location: United States
Posted: 14th Apr 2006 18:19
Link
I don't really understand the part where getting a single character from a string is actually helpful. So, is there a way to do something like this?
Mid(string,position,length)

common people are walking in line.
Back to top
Profile PM
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 14th Apr 2006 18:26
Link
memcpy(result,(char *) (string+position),length) ?

Blog:http://spaces.msn.com/members/BouncyBrick/
Web Site:http://www.nicholaskingsley.co.uk
Trust me, I know what I'm doing.
Back to top
Profile PM Email Website
IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 14th Apr 2006 18:43
Link
Nope, unsafe.

Something like this:


Alternatively, dodges the whole mess by using a proper string class - std::string or even CString if using MFC.

For free Plug-ins and source code http://www.matrix1.demon.co.uk
Back to top
Profile PM Email Website
Profit
18
Years of Service
User Offline
Joined: 19th Feb 2006
Location: United States
Posted: 14th Apr 2006 20:33
Link
Cool. Thanks IanM

common people are walking in line.
Back to top
Profile PM
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 14th Apr 2006 22:20 Edited at: 14th Apr 2006 22:21
Link
Ian - actually yours could be unsafe too - it should be :

if (position < strlen(source))
{
strncpy_s(result,sizeof(result),source,length);
}
else
{
SecureZeroMemory(result,sizeof(result));
}

Thats why the security enchanced STDIO functions are there - extra protection

Blog:http://spaces.msn.com/members/BouncyBrick/
Web Site:http://www.nicholaskingsley.co.uk
Trust me, I know what I'm doing.
Back to top
Profile PM Email Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 14th Apr 2006 22:43
Link
here we go...



Back to top
Profile PM
IanM
Retired Moderator
22
Years of Service
User Offline
Joined: 11th Sep 2002
Location: In my moon base
Posted: 15th Apr 2006 01:08
Link
Ah, MS security hype.

If 'result' is a pointer to an array of characters then you will copy a maximum of 3 characters to your string and zero terminate it.

My take on the MS library security enhancements:
They are no safer than the equivalent official standard library functions. If safety was really the issue in MS, they'd use a class that could properly ensure safety, not like these half-arsed 'safe' functions they've introduced.

It will always be the responsibility of the coder to ensure that buffer overflows do not take place - one of the ways of doing this is to provide a class to encapsulate this responsibility. Passing around an extra 'size' value is just too prone to error.

Of course (one for you here CR ), another way of doing this is to use a different language ... .NET based maybe? and leave the responsibility to the compiler writer.

For free Plug-ins and source code http://www.matrix1.demon.co.uk
Back to top
Profile PM Email Website
OSX Using Happy Dude
21
Years of Service
User Offline
Joined: 21st Aug 2003
Location: At home
Posted: 15th Apr 2006 01:25 Edited at: 15th Apr 2006 01:26
Link
You get a nice Windows error prompt with the new functions - its pretty useful as you cant overwrite memory. The only thing you can do is store any result in an invalid place.

Blog:http://spaces.msn.com/members/BouncyBrick/
Web Site:http://www.nicholaskingsley.co.uk
Trust me, I know what I'm doing.
Back to top
Profile PM Email Website
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 15th Apr 2006 03:06
Link
Quote: "and leave the responsibility to the compiler writer."


well if youre saying that if this was anything but a c++ question there would have been no question at all, then yeah, I agree.

Back to top
Profile PM
Back to top

Login to post a reply

Server time is: 2024-11-19 06:32:58
Your offset time is: 2024-11-19 06:32:58