Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Bell Labs or Microsoft security?

  • From: Richard A Steenbergen
  • Date: Wed Jan 29 12:43:01 2003

On Wed, Jan 29, 2003 at 05:26:06PM +0000, E.B. Dreger wrote:
> 
> If you check before each byte.  Checking for sufficient space
> first ("is there room for a 245-byte string?") is much faster.
> Besides, looking at all the bloated code using indirect function
> calls[*] and crappy code using poor algorithms... is speed really
> a concern?
> 
> [*] Try profiling indirect function calls on x86, especially
>     newer cores.  Such instructions carry a stiff penalty... but
>     there's no shortage of virtual functions in certain software.
>     (Think: OWL and MFC libraries.)

Note I'm making a distinction between fixing the string libraries to 
handle overflow situations better, and changing the entire OS to do array 
bounds checking. One is good, the other is not.

-- 
Richard A Steenbergen <ras@e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.