Comment by vvde
12 years ago
Making sds a typedef for char* is very convenient. But it makes it very easy to pass an sds to a function that expects a C string without checking for null bytes.
Ruby, Java, Perl, PHP have all had security problems when interacting with C because they failed to properly distinguish binary-safe strings and C strings.
http://insecure.org/news/P55-07.txt http://cwe.mitre.org/data/definitions/626.html
I'd prefer a typesafe version (that would be a library with a struct type). It could even be a trivial wrapper struct for the char *.