[SC-L] Programming language comparison?
Steven M. Christey
coley at linus.mitre.org
Tue Feb 5 16:44:57 EST 2008
On Mon, 4 Feb 2008, ljknews wrote:
> > ("%99999999s" to fill up disk or memory, anybody?), so it's marked with
> > "All" and it's not in the C-specific view, even though there's a heavy
> > concentration of format strings in C/C++.
>
> It is marked as "All" ?
>
> What is the construct in Ada that has such a risk ?
Hmmmm, I don't see any, but then again I don't know Ada. Is there no
equivalent to format strings in Ada? No library support for it?
Your question actually highlights the point I was trying to make - in CWE,
we don't yet have a way of specifying language families, such as "any
language that directly supports format strings," or "any language with
dynamic evaluation."
- Steve
More information about the SC-L
mailing list