path: root/safety.md
Diffstat (limited to 'safety.md')
-rw-r--r--  safety.md  24
1 files changed, 23 insertions, 1 deletions
diff --git a/safety.md b/safety.md
index d353227..6550492 100644
--- a/safety.md
+++ b/safety.md
@@ -4,7 +4,29 @@ Each item in Wikipedia's [list of types of memory errors](https://en.wikipedia.o
## Buffer overflow
-bounds checking based on uhhhh something
+Crowbar addresses buffer overflow with bounds checking.
+In C, the type `char *` can point to a single character, a null-terminated string of unknown length, a buffer of fixed size, or nothing at all.
+In Crowbar, the type `char *` can only point to either a single character or nothing at all.
+If a buffer is declared as `char[50] name;` then it has type `char[50]`, and can be implicitly converted to `(char[50])*`, a pointer-to-50-chars.
+If memory is dynamically allocated, it works as follows:
+
+```crowbar
+void process(size_t bufferSize, char[bufferSize] buffer) {
+ // do some work with buffer, given that we know its size
+}
+
+int main(int argc, (char[1024?])[argc] argv) {
+ size_t bufferSize = getBufferSize();
+ (char[bufferSize])* buffer = malloc(bufferSize);
+ process(bufferSize, buffer);
+ free(buffer);
+}
+```
+
+Note that `malloc` as part of the Crowbar standard library has signature `(char[size])* malloc(size_t size);` and so no cast is needed above.
+Note as well that the type of `argv` is complicated.
+This is because the elements of `argv` have unconstrained size.
+TODO figure out if that's the right way to handle that
## Buffer over-read
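Review bot: the call `process(bufferSize, buffer);` passes a value of type `(char[bufferSize])*` to a parameter declared `char[bufferSize] buffer`, but the text above only describes the array-to-pointer direction (`char[50]` converting to `(char[50])*`), not pointer-to-array back to array, so either the parameter should be `(char[bufferSize])* buffer` or the section should state that the reverse conversion is implicit. The same line also hands `process` the raw `malloc` result, which by the section's own rule ("a single character or nothing at all") may be nothing at all; a check such as `if (buffer == NULL) return 1;` before the call would keep the example consistent with the bounds-checking story. Separately, `(char[1024?])[argc] argv` contains a `?` that is not syntax the page explains, the TODO line should carry an explicit marker (or be dropped) and be followed by a blank line so it does not run into the `## Buffer over-read` heading, and `main` should return a value.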