On Mon May 8 2023 23:41:03 Dr. Nikolaus Klepp via tde-devels wrote:
https://dwheeler.com/secure-programs/Secure-Programs-HOWTO/dangers-c.html
Sorry to spoil the party, but this page contains errors (I have not read further). "read(fd, &len, sizeof(len));" is utterly BS.
That's a perfectly reasonable way to read a binary integer into len if you know that the integer to be read is compatible with the size_t of the arch, for example if you are merely piping data between parent and child processes.
However, the result of the read should have been checked and then the data read into len should also have been thoroughly checked.
The examples exist to point out the dangers of not validating lengths and of confusing size_t, int, and unsigned int - all of which may be different.
--Mike
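
The two checks named in the reply above (the result of the read, then the value read into len), sketched as an added example that is not code from this thread or from the HOWTO. It assumes writer and reader share the same size_t, as in the parent/child pipe case; `read_exact`, `read_record`, `write_record` and `MAX_PAYLOAD` are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

#define MAX_PAYLOAD 4096  /* assumed application limit, not from the thread */

/* Read exactly n bytes; returns 0 on success, -1 on error or early EOF. */
static int read_exact(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal, retry */
            return -1;
        }
        if (r == 0)
            return -1;          /* EOF before the full object arrived */
        p += r;                 /* short read: keep going */
        n -= (size_t)r;
    }
    return 0;
}

/* Read a size_t length prefix, then that many bytes into out (capacity cap).
 * Returns the payload length, or -1 if a read fails or the length exceeds
 * either the caller's buffer or MAX_PAYLOAD. */
long read_record(int fd, unsigned char *out, size_t cap)
{
    size_t len;
    if (read_exact(fd, &len, sizeof(len)) != 0)
        return -1;              /* len is indeterminate here, never use it */
    if (len > cap || len > MAX_PAYLOAD)
        return -1;              /* reject before len is used as a size */
    if (read_exact(fd, out, len) != 0)
        return -1;
    return (long)len;           /* safe: len <= MAX_PAYLOAD */
}

/* Demo helper: send a claimed length followed by `actual` bytes of data. */
int write_record(int fd, size_t claimed, const void *data, size_t actual)
{
    if (write(fd, &claimed, sizeof(claimed)) != (ssize_t)sizeof(claimed))
        return -1;
    if (actual && write(fd, data, actual) != (ssize_t)actual)
        return -1;
    return 0;
}
```

The comparison stays in size_t until the bound has been enforced, so no signed/unsigned conversion can turn a huge length into a small or negative one.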