Post by Neil Rieck
But to answer a previous post, zero length strings are not the problem;
it is how they are used (static vs dynamic via malloc).
I'm not sure I follow. (I've corrupted the stack and the heap with
BASIC code, too. It's somewhat harder than hosing the stack or the
heap with C, Macro32 or Bliss, but it's certainly feasible.) Placing
string metadata where it easily gets stomped on or truncated was a
problematic choice for C, and which is why some C string-handling calls
are better than others, and why compile-time flagging some of the more
problematic calls can be beneficial to developers.
Since you have some experience in another area, the null in a C string
has some similarities to the use of in-band signaling found in older
telephone systems. The results of that mixing of user data and
metadata together and in-band were... problematic. But I digress.
Post by Neil Rieck
We do a lot of stuff in this shop with DEC-BASIC talking to DEC-C and
it is really easy to convert to-from "VMS style" strings when they are
I'd prefer a more standard way to call into C code from OpenVMS code
that expects descriptors, but most of us are using jackets for that.
Sometimes we end up with more jackets than we want, as has been
happening in cases where the OpenVMS C library diverges from C on other
platforms, too. We've been wrestling with these issues for more many
All of this stuff also ties right back to those "OpenVMS is secure!"
threads, too. It's not just the platform itself — Linux, Unix, macOS,
OpenVMS, whatever – that gets into trouble with buffer overflows or
other vulnerabilities, it's also the apps. Making those apps easier to
write and to test (newer compiler standards, languages, frameworks),
more reliable against common coding mistakes (flagging any use of
strlen during a C compilation, for instance), more secure against
network shenanigans (easier frameworks combining networking, DNS,
encryption, authentication, certificate verification), and better
isolated in the event of a breach (BSD-style pledge, jails, app and
system address space randomization and no-execute, etc), is (would be)
a benefit to folks developing for and using OpenVMS servers. VSI is
working on pieces and parts here, too.
Pure Personal Opinion | HoffmanLabs LLC