Recently, I was notified of some weak programming practices common in beginning C material. As someone who appreciates solid code, I was surprised to hear about these items. As a teacher, I’m quick to address them.
For the most part, my goal is to teach C by using small programs. This code is quick to type and easy to modify. The sample programs demonstrates specific topics and try not to boggle a beginner with too much crap or overwhelm someone who’s probably already intimidated.
Because of my approach, I often cut corners with certain items. When I do, these issues are called out during the online presentations and in my books. I believe a difference exists between code that teaches and code you plan on releasing into the wild.
The kind person who alerted me to these issues pointed out some issues in code I use to teach. He expressed his concerns, which are:
- Using scanf() to convert string data to numbers.
- Being mindful of how strcpy() and strcat() manipulate string data.
- Avoiding putchar() as a condition in a while loop.
These are three items I use when teaching C, and I see how each of them could lead to trouble. Nothing in my books or online movies presents a serious code threat. Yet, at the point where you use your coding skills in the real world, it helps to bolster your C knowledge with some safe programming practices in defense of things you might not anticipate.
For a beginner, focus on learning C. The items listed above deserve a mention. Especially in the future, I will be more diligent about mentioning various weaknesses, which is something the C language has in abundance.
The source cited for these safe coding practices is found on the SEI Cert C Secure Coding Standards website. For the three items bulleted above, I’ll go over the details over the next few weeks. I’ll cover other relevant and interesting items in the Secure Coding Standards document in all future material. After all, the goal of any programmer is to write safe and bulletproof code.