protecting my char*

[pembed2003]

Hi,
I have the following:

class person{
public:
person(){name = new char[6]; strcpy(name,"peter");}
~person(){delete[] name;}
const char* getName(){return name;}
private:
char* name;
};

int main(int argc,char** argv){
person p;
char* s = (char*)p.getName();
s[0] = 'f';
std::cout<<p.getName()<<std::endl;
}

The above prints:

feter

What I want to do is allow my getName() function to return the name of
person but don't allow the caller to modify the name. Any idea?

I can do:

char* person::getName(){
char* s = new char[strlen(name) + 1];
strpcy(s,name);
return s;
}

But this approach has 2 drawback:

1. Everytime the getName() function is called, a copy of name has to
be made which is slow
2. The caller has to remember to free s

Is ther any other solution?

Thanks!

 

[Rolf Magnus]

Hi,
I have the following:

class person{
public:
person(){name = new char[6]; strcpy(name,"peter");}
~person(){delete[] name;}
const char* getName(){return name;}
private:
char* name;
};

int main(int argc,char** argv){
person p;
char* s = (char*)p.getName();
s[0] = 'f';
std::cout<<p.getName()<<std::endl;
}

The above prints:

feter

What I want to do is allow my getName() function to return the name of
person but don't allow the caller to modify the name. Any idea?

You casted away the constness (using an old-style cast btw). The
compiler can protect you from doing errors, it won't protect you from
sabotaging your code.

I can do:

char* person::getName(){
char* s = new char[strlen(name) + 1];
strpcy(s,name);
return s;
}

But this approach has 2 drawback:

1. Everytime the getName() function is called, a copy of name has to
be made which is slow
2. The caller has to remember to free s

Is ther any other solution?

Yes. Don't cast unless you really know that (and why) you need it, and
if you need it, use the newer C++ style casts.

 

[Stephen Waits]

class person{
public:
person(){name = new char[6]; strcpy(name,"peter");}
~person(){delete[] name;}
const char* getName(){return name;}
private:
char* name;
};

[snip]


#include <string>

class person
{
public:
person() { name = "peter"; }
std::string getName() const { return name; }

private:
std::string name;
};


To do it without copying return a const reference instead:


#include <string>

class person
{
public:
person() { name = "peter"; }
const std::string& getName() const { return name; }

private:
std::string name;
}


--Steve

 

[pembed2003]

Yes. Don't cast unless you really know that (and why) you need it, and
if you need it, use the newer C++ style casts.

So, I guess your answer is:

Tell whoever using the code not to cast away the const and hope they
will listen to me?

I think that's a very useful method of stop someone trying to break my
code! Thanks a lot!

 

[pembed2003]

To do it without copying return a const reference instead:


#include <string>

class person
{
public:
person() { name = "peter"; }
const std::string& getName() const { return name; }

private:
std::string name;
}

Thanks Steve! I will give it a try.

 

[John Harrison]

Rolf Magnus <[email protected]> wrote in message

So, I guess your answer is:

Tell whoever using the code not to cast away the const and hope they
will listen to me?

I think that's a very useful method of stop someone trying to break my
code! Thanks a lot!

What else is possible? You cannot stop someone doing this (for instance)

memset(&person, 0, sizeof(person));

or this

char* rogue = (char*)&person;
*rogue = '\0';

or this

#define private public
#include "person.h"

person.name[0] = '\0';

or million other stupid things

C++ does not try to guard against deliberate attempts to break code. If you
want something like that try Java.

john

 

[John Harrison]

Stephen Waits <[email protected]> wrote in message

Thanks Steve! I will give it a try.

It doesn't work, for exactly the same reason as before

person p;
((std::string&)(p.get_name()))[0] = 'f';

At some point you just have to trust your users.

john

 

[Stephen Waits]

It doesn't work, for exactly the same reason as before

Oh right.. I didn't mean to imply that it would prevent something like this.

But, what prevents anything from writing anywhere.. [obviously some
OS-dependent functionality may be available to help with this].

--Steve

 

[John Harrison]

It doesn't work, for exactly the same reason as before

Oh right.. I didn't mean to imply that it would prevent something like this.

But, what prevents anything from writing anywhere.. [obviously some
OS-dependent functionality may be available to help with this].

Exactly, the OP seems to be expecting too much from C++.

john