From the course: Secure Coding in C

Understanding the weaknesses of C - C Tutorial

- [Instructor] The C language isn't weak. Its creators set out to make it powerful, a mid-level language that expedited the computing needs back in the day. Like the internet, C was designed in a more trusting era, back when scientists prioritized creating bug-free programs as opposed to defensively guessing how a bad operator could exploit the code. Thanks to its popularity, the C language has endured. It's still preferred today for programming microcontrollers and working on operating systems. Even that fancy new programming language that everyone's raving about has a heart that was coded in C. So what makes C more vulnerable than that fancy new language? C's data types are primitive. They're far more limited than the data types available to newer languages. The data typing is weak; for example, a character data type can hold either a character or a value, and the interpretation is up to the programmer. Integer values can easily switch between positive and negative. A Boolean type is implemented only in code, not natively, and strings are messy. They can be created without proper termination. Memory allocation, use, and release in C is overseen by the programmer, not the language. It's terribly easy in C to access memory beyond the allocated chunk, a process that's strictly controlled in other languages. Array and string bounds are monitored by the programmer. Accessing invalid array elements is possible without any warning. Buffers can overflow because only the programmer monitors their size and endpoint. It's possible in C to concoct statements with undefined behavior. Now, these aren't bugs, but code that runs properly, though perhaps not properly all the time. The compiler issues no warning or error for known undefined behaviors. The program may even run smoothly, but the malfunction exists and can be triggered at any time. Because C is a mid-level language, the programmer must be cautious. Defensive coding must always be practiced.
This posture is difficult, because many programmers are used to, and expect, the strict controls used in other languages. Despite these issues, C itself isn't a weak language. Instead, it suffers from programmers unused to coding defensively and who are, for the most part, unaware of safe programming practices. The bottom line is that if you want to code in C, you can't be lazy.
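The weaknesses listed above each have a defensive counterpart. The helpers below are an added example, not code from the course: a string copy that always terminates and never reads past the destination's capacity, an array read that refuses out-of-range indices, a signed addition that refuses to overflow (signed overflow is undefined behavior), and a char read as an unambiguous byte value. All function names are my own.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Copy src into dst, which holds dst_size bytes, and always leave dst
   NUL-terminated. Reads at most dst_size bytes of src.
   Returns 0 on success, 1 if the copy was truncated, -1 on bad arguments. */
int bounded_copy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    size_t n = 0;
    while (n < dst_size && src[n] != '\0') n++;  /* bounded scan for the terminator */
    if (n == dst_size) {                         /* no terminator within capacity: truncate */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return 1;
    }
    memcpy(dst, src, n + 1);                     /* n bytes plus the terminator */
    return 0;
}

/* Read element i of an array of n ints into *out.
   Returns 0 on success, -1 if i is out of range (no silent out-of-bounds read). */
int checked_get(const int *arr, size_t n, size_t i, int *out) {
    if (arr == NULL || out == NULL || i >= n) return -1;
    *out = arr[i];
    return 0;
}

/* Add a and b into *out only if the result fits in an int.
   Returns 0 on success, -1 if the sum would overflow (which is undefined behavior). */
int checked_add(int a, int b, int *out) {
    if (out == NULL) return -1;
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) return -1;
    *out = a + b;
    return 0;
}

/* Interpret a char as a byte value 0..255 regardless of whether the
   platform's plain char is signed or unsigned. */
int byte_value(char c) {
    return (int)(unsigned char)c;
}
```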