
Reece Dunn wrote:
There is currently a static-sized array in the Boost library that allows you to operate on arrays of fixed size. I was wondering if something similar exists for strings, in particular, providing buffer-overflow safe string operations.
I have an nstring< std::size_t n > string class that provides size-safe copying and comparison, allowing you to do things like:
That's an excellent direction in which to be moving. How far can we go in replacing unsafe C strings? With the endless reports of buffer overflow exploits, anything that can be done in that direction would help.

I'd suggest a class with the following properties:

- Fixed-allocated strings, with length information. No calls to "new".
- Supports most of the operations allowed for STL strings.
- Also supports the "classic" C string operations, like "sprintf", "strlen", etc., using the classic C syntax for them.
- Implicit conversion to "const char*", but not "char *", for compatibility with existing library calls.
- Fully protected against overflow.

It might also be worthwhile to provide "sprintf", "strlen", etc. for STL strings.

The basic idea is that this should be retrofittable to old code without major efforts. Ideally, you go through the code with a program, replacing "char foo[nnn]" with "char_array<nnn> foo", and "char *" with "char_array&", and it mostly works. Everything that doesn't work gets a compile-time error. You fix all the compile time errors, and your program is overflow-proof, at least in this area.

John Nagle
Team Overbot
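A minimal sketch of the fixed-capacity, length-tracking class Nagle describes, added here as an illustration; it is not code from the thread, from Reece Dunn's nstring, or from Boost. The names char_array, append, format, at and equals are assumed for the example; N counts the terminating NUL, so the class stores at most N-1 characters and never allocates.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <stdexcept>
// Fixed-size, length-tracking string: no "new", every write bounded by N,
// read-only conversion to const char* for existing library calls.
template <std::size_t N>
class char_array {
    static_assert(N > 0, "need room for the terminator");
    char buf_[N];
    std::size_t len_;
public:
    char_array() : len_(0) { buf_[0] = '\0'; }
    char_array(const char* s) : len_(0) { buf_[0] = '\0'; append(s); }
    static constexpr std::size_t capacity() { return N - 1; }
    std::size_t size() const { return len_; }
    // Append, truncating at capacity(); the buffer always stays NUL-terminated.
    char_array& append(const char* s) {
        std::size_t room = capacity() - len_, n = 0;
        while (n < room && s[n] != '\0') ++n;  // never scans past what fits
        std::memcpy(buf_ + len_, s, n);
        len_ += n;
        buf_[len_] = '\0';
        return *this;
    }
    // Bounded sprintf in classic syntax; returns the length the full output
    // would have had, so a result > capacity() tells the caller it was truncated.
    int format(const char* fmt, ...) {
        va_list ap;
        va_start(ap, fmt);
        int wanted = std::vsnprintf(buf_, N, fmt, ap);  // writes at most N bytes
        va_end(ap);
        if (wanted < 0) { wanted = 0; buf_[0] = '\0'; }  // encoding error: empty
        std::size_t w = static_cast<std::size_t>(wanted);
        len_ = w < capacity() ? w : capacity();
        return wanted;
    }
    // Checked element access: throws instead of reading past the stored length.
    char at(std::size_t i) const {
        if (i >= len_) throw std::out_of_range("char_array::at");
        return buf_[i];
    }
    // Content comparison; needed because the implicit const char* conversion
    // below would otherwise make `a == "x"` a pointer comparison.
    bool equals(const char* s) const { return std::strcmp(buf_, s) == 0; }
    // Read-only view for existing library calls (strlen, puts, ...). There is
    // deliberately no conversion to char*, so strcpy(a, ...) is a compile error.
    operator const char*() const { return buf_; }
};
```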