I lost you here. How would a buffer overflow happen if the string is a global variable in the dll?
The buffer overflow could occur with the buffer. You're confusing two different approaches.
I see. You mean the programmer needs to be careful not to write buffer-overflow-vulnerable code using the size and buffer method.
And if the buffer is not big enough, get the needed buffer size and try again. Finally, copy the buffer to a string.
So the function should include two arguments: buffer and size, and should return the actual size. Right?
In general, you never use global variables in dynamic libraries. Think of a threaded app using the library. The library could be called simultaneously by multiple threads or processes.
The question is not about thread-safe code, but to answer your concern:
For multiple threads, it is possible to change var to threadvar.
For different processes there is no problem when using global variables.
Follow the NDFD example like a cookbook and you'll be okay. Otherwise, you're just wandering around in the dark.
Thanks for the advice.
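
The buffer-and-size approach discussed in this thread, as an added example that is not from any of the posters and is written in C rather than Pascal. The names `lib_get_text` and `fetch_text` and the sample text are hypothetical; the library function never writes past `size` and reports the size it needs, so the caller can grow the buffer and retry.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Library side (hypothetical export): writes at most `size` bytes, always
 * NUL-terminated, and returns the size the full string needs (with NUL). */
size_t lib_get_text(char *buffer, size_t size)
{
    static const char text[] = "constructed sample text from the library";
    size_t needed = sizeof text;
    if (buffer != NULL && size > 0) {
        size_t n = needed <= size ? needed - 1 : size - 1;
        memcpy(buffer, text, n);   /* truncates instead of overflowing */
        buffer[n] = '\0';
    }
    return needed;
}

/* Caller side: start small, grow to the reported size, retry.
 * Returns a heap string to free(), or NULL if allocation fails. */
char *fetch_text(size_t initial)
{
    size_t size = initial ? initial : 1;
    char *buf = malloc(size);
    while (buf != NULL) {
        size_t needed = lib_get_text(buf, size);
        if (needed <= size)
            break;                 /* whole string fit */
        char *bigger = realloc(buf, needed);
        if (bigger == NULL)
            free(buf);
        buf = bigger;
        size = needed;
    }
    return buf;
}

int main(void)
{
    char *s = fetch_text(8);       /* too small on purpose */
    if (s == NULL)
        return 1;
    puts(s);
    free(s);
    return 0;
}
```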