
Making sds a typedef for char* is very convenient. But it makes it very easy to pass an sds to a function that expects a C string without checking for null bytes.

Ruby, Java, Perl, PHP have all had security problems when interacting with C because they failed to properly distinguish binary-safe strings and C strings.

http://insecure.org/news/P55-07.txt

http://cwe.mitre.org/data/definitions/626.html



I'd prefer a typesafe version (that would be a library with a struct type). It could even be a trivial wrapper struct for the char *.
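An added example, not part of the original comments and not the sds library's code: a minimal wrapper struct of the kind suggested above, where the only route to a C string is a function that rejects embedded NUL bytes. The names `bstr`, `bstr_new`, `bstr_cstr`, `bstr_free` and `bstr_is_cstr_safe` are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wrapper type (not the sds API). A struct cannot be passed
 * where a const char * is expected, so every C-string use has to go
 * through bstr_cstr() and its check. */
typedef struct { size_t len; char *buf; } bstr;

/* Copy len bytes (which may include NUL bytes) and NUL-terminate the copy. */
static bstr bstr_new(const void *data, size_t len) {
    bstr s = { 0, malloc(len + 1) };
    if (s.buf != NULL) {
        memcpy(s.buf, data, len);
        s.buf[len] = '\0';
        s.len = len;
    }
    return s;
}

static void bstr_free(bstr *s) { free(s->buf); s->buf = NULL; s->len = 0; }

/* Return the bytes as a C string only if no NUL byte is embedded;
 * otherwise NULL, so a C API never sees a silently truncated value. */
static const char *bstr_cstr(const bstr *s) {
    if (s->buf == NULL || memchr(s->buf, '\0', s->len) != NULL)
        return NULL;
    return s->buf;
}

/* Demo helper: 1 if the bytes are usable as a C string, else 0. */
static int bstr_is_cstr_safe(const void *data, size_t len) {
    bstr s = bstr_new(data, len);
    int ok = bstr_cstr(&s) != NULL;
    bstr_free(&s);
    return ok;
}

int main(void) {
    /* Constructed sample: 7 bytes with a NUL in the middle. */
    bstr s = bstr_new("abc\0def", 7);
    /* strlen(s);  <- would not compile: bstr is not a char * */
    const char *c = bstr_cstr(&s);
    printf("len=%zu cstr=%s\n", s.len, c ? c : "(rejected: embedded NUL)");
    bstr_free(&s);
    return 0;
}
```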



