"Halvar�s reaction to Microsoft�s Michael Howard hinting that memcpy may
soon be verboten in Redmond code:
This is an excellent idea – and along
with memcpy, malloc() should be banned. While we are at it, the addition and
multiplication operators have caused so much grief over the last years, I think
it would make total sense to ban them. Oh, and if we ban the memory dereference,
I am quite sure we�d be safe.
Get it? He thinks banning memcpy is a bad
idea!
Here�s why Michael Howard thinks memcpy is a bad idea in secure
code: it copies memory from one location to another, with an unsigned (�can�t be
negative�) count parameter. If you screw the count up, or use a bad offset to
find the copy target, you (or your attacker) have corrupted
memory."
Article Link: http://www.securityfocus.com/blogs/105
