Technorama

An omnibus of tech posts by a Futurologist on software development primarily.

Saturday, 22 December 2018

 

Drone GPS

Drones should have mandatory transponders and GPS in control packets from controler. Likewise controller should also broadcast GPS position in signals, giving law enforcement an accurate record of the positions

Likewise, if using a SIM card, easy to track
Otherwise, follow it with another drone

Pretty easy to use a trained eagle to take out a drone too

Alternatively, police could use drones or radio controlled model planes with loose string nets and fly into the drone.


Friday, 21 December 2018

 

C++ STL string limitation

the following code gives an error, but actually we all know we want the strings in the regular std::string container, why can't C++ language be updated to resolve this issue?

The fix is to allow dynamic creation of const strings, in this case case a const char [13] containing "hello world", which can then be assigned to the string

//g++ -Wall -o str str.cpp
#include
using namespace std;
int main()
{
    string s = "hello " + "world";
    return 0;
}

$ g++ -Wall -o str str.cpp
str.cpp: In function ‘int main()’:
str.cpp:6:25: error: invalid operands of types ‘const char [7]’ and ‘const char [6]’ to binary ‘operator+’
     string s = "hello " + "world";
                ~~~~~~~~~^~~~~~~~~

Even as this it fails:
string s("hello " + "world");


//g++ -Wall -o str str.cpp
#include
using namespace std;
int main()
{
    string s = "hello " + "world";
    return 0;
}

Sunday, 16 December 2018

 

strlcpy considered harmful

Never use strlcpy from OpenBSD project, it is dangerous and should be deprecated. It trashes buffers and leaves them modified.

strlcpy is terrible, it breaks ISO TR24731 "Do not unexpectedly truncate strings" by overwriting memory before checking there was enough space to copy all the bytes.

Also strlcpy doesn't satisfy ISO 26262 Functional Safety Standard
http://www.ni.com/white-paper/13647/en/

Some easy golden rules.
1. Don't leave a buffer partially modified, if you don't know you you have space, don't update it. Check size first (even prepare the strcat, and then based on that length, if space, actually move it to the dest buffer.
2. Always terminate strings with the NUL byte (this is a defect in strncpy spec)

The security risk is that crucial data is damaged (loss of data), that change and causes software to behave in an unexpected way, if the software is vulnerable - then it is a risk. This is the reason it is better to not damage/corrupt any data in memory by strlcpy.


Quoting this lwn article "The essence of the argument against strlcpy() is that it fixes one problem—sometimes failing to terminate dst in the case of strncpy(), buffer overruns in the case of strcpy()—while leaving another: the loss of data that occurs when the string copied from src to dst is truncated because it exceeds size."

Greg has a similar article

Jake article

Kees article

Brought this up with Theo de Raadt, ego felt too big

Dr Dobbs

So we're back to using strncpy() and manually adding the terminating NUL byte after each use to ensure no overruns.

Alternatively, use the C11 Annex K "safe C" functions, which sadly have not been added to Glibc yet. C11 ISO/IEC 9899:2011  N1967. Fortunately Open Watcom  does support.

C18 also contains Annex K, so hopefully will be widespread soon.

I like the way it bounds checks both buffers:

errno_t strncpy_s(char * s1, rsize_t s1max, const char * s2, rsize_t n);

Personally I would rather it return EFAULT if s1 or s2 point to NULL (nullptr in C++). At least it is always certain it always NUL terminated.

Unfortunately Microsoft implementation allows n to be set to _TRUNCATE, I don't support this. Better to remove all truncation behaviour from strncpy_s. (strcat_s doesn't truncate).

Also, don't use strcpy_s, better to know the number of chars in the source buffer to check before modifying.

I can see why coders use std::string now. There isn't industry consensus on how to fix C strings.

Archives

February 2003   March 2003   April 2003   August 2004   September 2004   December 2004   May 2005   June 2005   December 2006   January 2007   February 2007   March 2007   April 2007   July 2007   August 2007   September 2007   October 2007   November 2007   December 2007   January 2008   February 2008   March 2008   April 2008   May 2008   June 2008   July 2008   August 2008   September 2008   October 2008   November 2008   December 2008   January 2009   February 2009   March 2009   April 2009   September 2009   November 2009   December 2009   January 2010   April 2010   September 2010   October 2010   November 2010   December 2010   January 2011   February 2011   March 2011   April 2011   May 2011   June 2011   July 2011   August 2011   September 2011   October 2011   November 2011   December 2011   January 2012   February 2012   March 2012   April 2012   May 2012   June 2012   July 2012   October 2012   December 2012   March 2013   May 2013   August 2013   September 2013   October 2013   November 2013   March 2014   May 2014   June 2014   July 2014   September 2014   October 2014   December 2014   January 2015   February 2015   March 2015   April 2015   May 2015   June 2015   July 2015   August 2015   September 2015   October 2015   November 2015   December 2015   March 2016   April 2016   May 2016   July 2016   August 2016   September 2016   October 2016   November 2016   December 2016   January 2017   February 2017   March 2017   April 2017   May 2017   June 2017   July 2017   August 2017   September 2017   November 2017   March 2018   April 2018   May 2018   June 2018   August 2018   October 2018   December 2018   January 2019   March 2019   May 2019   August 2019   September 2019   March 2020   April 2020   May 2020   September 2020   October 2020   February 2022   June 2022   July 2022   October 2022   December 2022   February 2023   April 2023   September 2023   October 2023   May 2024   June 2024   July 2024  

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]