Edward Bartolo <edbarx@???> writes:
> I am not assuming anything and understand the risks of buffer
> overflows. The first step I am taking is to make the code function.
> The second step is to further debug it until it behaves properly and the
> third step is to correct any potential security issues.
Realistically, the first step is 'make the code function', the second
step is 'graduate from university based on your thesis' and the 3rd was
called 'heartbleed', IOW, that's not going to happen in this way. If
you're doing string processing in C, try to do it correctly from the
start. That's much easier than retrofitting proper length/size handling onto
some working code.
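
[Added example, not part of the original message or of the code under discussion: one way to carry length and size with a C string from the first line of code, so every append is checked against the remaining room. The names sbuf, sbuf_init, sbuf_append_n and sbuf_append are hypothetical, and the strings in main() are constructed sample input.]

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-capacity string buffer: capacity and length travel with the data. */
struct sbuf {
    char  *data;  /* caller-supplied storage, always NUL-terminated */
    size_t cap;   /* total bytes in data, including room for the NUL */
    size_t len;   /* bytes in use, excluding the NUL */
};

/* Attach caller storage to the buffer. Returns 0, or -1 if it is unusable. */
int sbuf_init(struct sbuf *b, char *storage, size_t cap)
{
    if (b == NULL || storage == NULL || cap == 0)
        return -1;
    b->data = storage;
    b->cap = cap;
    b->len = 0;
    b->data[0] = '\0';
    return 0;
}

/* Append n bytes of src. All-or-nothing: on -1 the buffer is unchanged. */
int sbuf_append_n(struct sbuf *b, const char *src, size_t n)
{
    size_t room = b->cap - b->len - 1;  /* no underflow: len < cap always */
    if (n > room)
        return -1;                      /* refuse instead of truncating */
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

int sbuf_append(struct sbuf *b, const char *src)
{
    return sbuf_append_n(b, src, strlen(src));
}

int main(void)
{
    char store[8];                      /* constructed sample: 7 chars + NUL */
    struct sbuf b;
    sbuf_init(&b, store, sizeof store);
    printf("%d\n", sbuf_append(&b, "eth0:1"));   /* fits */
    printf("%d\n", sbuf_append(&b, "xx"));       /* rejected, one byte of room */
    printf("%s (%zu)\n", b.data, b.len);
    return 0;
}
```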