I've read from various sources about there being a lot of bugs, issues and design flaws in the C Standard library. Some to do with string handling functions, some with I/O etc.
Is this true? If so, can anyone list some of the most common known issues?
Note: I'm talking about the ISO C Library.
Off the top of my head, here are a couple of the known design issues:

- Input functions like `gets` (deprecated in C99, gone in C11, but still lurking in God knows how much legacy code), `scanf` using a plain `%s` conversion specifier, etc., that can overrun their target buffer;
- Functions such as `strtok` that use static buffers to store state between calls, and as such are non-reentrant;

As far as implementation issues, I don't think anybody who needs a good PRNG is happy with the stock `rand` function in most implementations.
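The two design issues the answer lists, shown side by side with their fixes, as an added example that is not part of the original answer. The first function uses a field width on `%s` (the bounded form of the unbounded `scanf("%s", ...)`) and reports truncation; the second pair tokenizes nested records with `strtok`, whose single hidden state pointer gives the wrong count, and then with `strtok_r`, which is POSIX rather than ISO C. The record format `a,b;c,d,e`, the buffer sizes and the function names are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L  /* strtok_r is POSIX, not ISO C */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* ---- 1. Bounded input conversion ---------------------------------------
 * scanf("%s", buf) copies until whitespace with no regard for sizeof buf.
 * The fix is a field width: "%Ns" stores at most N characters plus the
 * terminator, so buf must hold N + 1 bytes. Because the width lives inside
 * the format string, derive it from the buffer size with the preprocessor
 * instead of retyping the number. */
#define NAME_CHARS 7                  /* max characters kept (assumed size) */
#define NAME_SIZE  (NAME_CHARS + 1)   /* plus '\0' */
#define STR_(x) #x
#define STR(x)  STR_(x)

/* Parse the first whitespace-delimited word of `input` into dest[NAME_SIZE].
 * Returns the number of characters stored (0 if there is no word) and sets
 * *truncated when the word was longer than NAME_CHARS, so the caller can
 * reject or log it instead of silently using a cut-off value. */
size_t parse_name_bounded(const char *input, char dest[NAME_SIZE], int *truncated)
{
    int consumed = 0;
    *truncated = 0;
    dest[0] = '\0';
    /* Expands to "%7s%n": width 7 caps the copy, %n records how far we read. */
    if (sscanf(input, "%" STR(NAME_CHARS) "s%n", dest, &consumed) != 1)
        return 0;
    /* If the next unread character continues the same word, it was cut off. */
    if (input[consumed] != '\0' && !isspace((unsigned char)input[consumed]))
        *truncated = 1;
    return strlen(dest);
}

/* ---- 2. Re-entrancy: strtok vs strtok_r --------------------------------
 * Records are separated by ';' and fields by ','. Counting fields needs a
 * nested tokenizer loop, which is exactly where one hidden state pointer
 * breaks. Both functions work on a private copy, since strtok writes NULs
 * into its argument. */
#define SCRATCH 64   /* assumed maximum record length for this example */

/* Broken: the inner strtok() call overwrites the outer loop's saved position,
 * so after the first record the outer loop finds nothing left. */
int count_fields_strtok(const char *text)
{
    char buf[SCRATCH];
    int fields = 0;
    if (strlen(text) >= sizeof buf) return -1;   /* refuse oversize input */
    strcpy(buf, text);
    for (char *rec = strtok(buf, ";"); rec != NULL; rec = strtok(NULL, ";"))
        for (char *f = strtok(rec, ","); f != NULL; f = strtok(NULL, ","))
            fields++;
    return fields;
}

/* Correct: each loop owns its own state pointer, so nesting (and use from
 * several threads) is safe. */
int count_fields_reentrant(const char *text)
{
    char buf[SCRATCH], *outer, *inner;
    int fields = 0;
    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    for (char *rec = strtok_r(buf, ";", &outer); rec != NULL; rec = strtok_r(NULL, ";", &outer))
        for (char *f = strtok_r(rec, ",", &inner); f != NULL; f = strtok_r(NULL, ",", &inner))
            fields++;
    return fields;
}

int main(void)
{
    char name[NAME_SIZE];
    int truncated;
    size_t n = parse_name_bounded("christopher", name, &truncated);
    printf("stored \"%s\" (%zu chars, truncated=%d)\n", name, n, truncated);
    printf("strtok nested count:   %d\n", count_fields_strtok("a,b;c,d,e"));
    printf("strtok_r nested count: %d\n", count_fields_reentrant("a,b;c,d,e"));
    return 0;
}
```

The `strtok` version returns 2 for `a,b;c,d,e` rather than 5 because the inner loop leaves the shared state at the end of the first record; the `strtok_r` version returns 5. Note that `sscanf` with a width still stops at the width without telling you, which is why the `%n` check is worth keeping.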