From: lars@beagle-ears.com   
      
   On 2026-02-04, c186282  wrote:   
   >    Being able to pass pointers back and forth is   
   >    a strong point with 'C'. In theory this COULD   
   >    be exploited by evil actors, but I can't find   
   >    any clear doc on whether it's been done to   
   >    any relevant degree. Most security probs result   
   >    from developer stupidity, not from the underlying   
   >    language and methods.   
   >   
   >    Amazing how many still allocate mem, or even   
   >    just string space or use thereof, without the   
   >    slightly newer functions that let you specify   
   >    just HOW many bytes are involved. "Buffer   
   >    overflow" is still a prime attack vector. Keep   
   >    seeing it in M$ warning notes and no doubt   
   >    there's similar idiocy in Linux/UNIX apps   
   >    as well.   
      
   This was the great thing about i286 protected mode.   
   It was trivial to substitute a malloc()/free() pair where   
   malloc()'ed structures were segment that would trap any buffer   
   overflows.   
      
      
   --   
   Lars Poulsen - an old geek in Santa Barbara, California   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)