Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Somebody told me that allocating with malloc is not secure anymore, I’m not a C/C++ guru but I’ve made some stuff with malloc and C/C++. Does anyone know about what risks I’m into?
Quoting him:
[..] But indeed the weak point of C/C++ it is the security, and the Achilles’ heel is indeed malloc and the abuse of pointers. C/C++ it is a well known insecure language. [..] There would be few apps in what I would not recommend to continue programming with C++.”
Actually, that’s wrong. Actually, “C/C++” doesn’t even exist. There’s C, and there’s C++. They share some (or, if you want, a lot of) syntax, but they are indeed very different languages.
One thing they differ in vastly is their way to manage dynamic memory. The C way is indeed using
malloc()/free()and if you need dynamic memory there’s very little else you can do but use them (or a few siblings ofmalloc()).The C++ way is to not to (manually) deal with dynamic resources (of which memory is but one) at all. Resource management is handed to a few well-implemented and -tested classes, preferably from the standard library, and then done automatically. For example, instead of manually dealing with zero-terminated character buffers, there’s
std::string, instead of manually dealing with dynamically allocated arrays, therestd:vector, instead of manually dealing with open files, there’s thestd::fstreamfamily of streams etc.