Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it secure to use malloc?

Tags:

c++

c

malloc

Somebody told me that allocating with malloc is not secure anymore, I'm not a C/C++ guru but I've made some stuff with malloc and C/C++. Does anyone know about what risks I'm into?

Quoting him:

[..] But indeed the weak point of C/C++ it is the security, and the Achilles' heel is indeed malloc and the abuse of pointers. C/C++ it is a well known insecure language. [..] There would be few apps in what I would not recommend to continue programming with C++."

like image 315
Felix Avatar asked May 15 '10 16:05

Felix

3 Answers

Maybe your friend is older, and isn't familiar with how things work now - I used to think C and C++ were effectively the same until I discovered many new things about the language that have come out in the last 10 years (most of my teachers were old-school Bell Laboratories guys who wrote primarily in C and had only a cursory knowledge of C++ - and Bell Laboratories engineers invented C++!). Don't laugh at him/her - you might be there someday too!

I think your friend is uncomfortable with the idea that you have to do your own memory management - ie, its easy to make mistakes. In that regard, it is insecure and he/she is correct... However, that insecure aspect can be overcome with good programming practices, like RAII and using smart pointers.

For many applications, though, having automated garbage collection is probably fine, and some programmers are confused about how pointers work, so as far as getting new, inexperienced developers to program effectively in C/C++ without some training might be difficult. Which is maybe why your friend thinks C/C++ should be avoided.

like image 119
J. Polfer Avatar answered Sep 21 '22 18:09

J. Polfer

It's the only way to allocate and deallocate memory in C natively. If you misuse it, it can be as insecure as anything else. Microsoft provides some "secure" versions of other functions, that take an extra size_t parametre - maybe your friend was referring to something similar? If that's the case, perhaps he simply prefers calloc() over malloc()?

like image 20
mingos Avatar answered Sep 19 '22 18:09

mingos

If you are using C, you have to use malloc to allocate memory, unless you have a third-party library that will allocate / manage your memory for you.

Certainly your friend has a point that it is difficult to write secure code in C, especially when you are allocating memory and dealing with buffers. But we all know that, right? :)

like image 35
Justin Ethier Avatar answered Sep 20 '22 18:09

Justin Ethier
Sign in to Comment

Related questions

Is there a way to use standalone `std::begin` and for a const_iterator?
How can I access argc and argv in c++ from a library function
Prevent creation of class whose member functions are all static
Is it more efficient to branch or multiply?
How to define a 2D array in C++ and STL without memory manipulation?
a small issue with std::vector and changing the collection while looping through it
What type is a macro considered? [duplicate]
How to revive C++ skills
C++ DateTime class
Fastest way to obtain the largest X numbers from a very large unsorted list?
I just don't get the C++ Pointer/Reference system
how to convert utf-8 to ASCII in c++?
Deallocating objects stored in a vector?
cerr is undefined
Why hasn't my variable changed after applying a bit-shift operator to it?
What advantage does C++ have over .NET when it comes to to game development and apps like VirtualBox
How can I enumerate/list all installed applications in Windows XP?
#define NULL NULL
Brackets around 0 in "return (0);" statement in 'main' function - what are they for? [duplicate]
How to compute maximum pixel value of Mat in OpenCV [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!