Boost :

From: Jeff Garland (jeff_at_[hidden])
Date: 2005-04-21 21:30:27

• Next message: Jason Hise: "[boost] New Singleton Release!"
• Previous message: Jeff Garland: "Re: [boost] Re: Steps before moving to Subversion"
• In reply to: Caleb Epstein: "Re: [boost] Re: (Another) socket streams library"
• Next in thread: Michel André: "[boost] Re: (Another) socket streams library"
• Reply: Michel André: "[boost] Re: (Another) socket streams library"

On Thu, 21 Apr 2005 20:08:20 -0400, Caleb Epstein wrote
> https://mndfck.org/svn/socketstream/trunk/example/time/session.h
>
> Buffer overflow here:
>
> char s[3];
> this->time(s);
>
> where ::time indexes s[0..3]. There's even a comment:
>
> // assume we really got a string of the appropriate size

This kind of code needs to be banished from all socket examples and libraries.
 We need buffer type that the "network infrastructure" can 'know' the size of
and possibly even resize if needed. These type of assumed/fixed size buffers
are bad design -- simply unacceptable in my mind for a modern C++ library.

I notice we don't have a buffer concept in any of our net/socket writeups on
the wiki. I think that's a big omission. I also wonder if the abstraction
doesn't already exist --> std::basic_streambuf. Let the socket class write
into the streambuf and then you can trivially wrap a stream around it to do
sophisticated i/o if you wish -- or simply pull out the raw chars....

Jeff

• Next message: Jason Hise: "[boost] New Singleton Release!"
• Previous message: Jeff Garland: "Re: [boost] Re: Steps before moving to Subversion"
• In reply to: Caleb Epstein: "Re: [boost] Re: (Another) socket streams library"
• Next in thread: Michel André: "[boost] Re: (Another) socket streams library"
• Reply: Michel André: "[boost] Re: (Another) socket streams library"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk