Re: C is a [value judgement of choice] language for security
"So, don't wait around for somebody else to do this simple stuff for you: just do it."
In addition: GCC has a ton of new sanity checks for you to enable.. Use them.
If your compiler provides a way to annotate varargs. Use them (ex GCC: __attribute__ ((format(printf, 2, 3)));"
If your compiler lets you annotate parameters as allows NULL/must never be NULL etc. Use those too.
Always make sure your code compiles without warnings.. Warnings are often the C language telling you that what you are doing is undefined and even if you leave the safe warnings in place they will hide the important warnings in the noise.
Biting the hand that feeds IT
