Boost logo

Boost :

Subject: Re: [boost] [utility] new auto_buffer class --- RFC
From: Beman Dawes (bdawes_at_[hidden])
Date: 2009-03-02 12:50:18

On Mon, Mar 2, 2009 at 12:32 PM, Peter Dimov <pdimov_at_[hidden]> wrote:
> Thorsten Ottosen:
>> John Maddock skrev:
>>>> - From glancing at the implementation posted to the list, it does not
>>>> appear to
>>>> fall back to heap allocation once the maximum stack capacity is reached.
>>>> push_back() simply asserts that the stack capacity hasn't been used up
>>>> yet.
>> Yes, that is necessary to make push_back() inlinable.
> It's also necessary if you want to introduce stack buffer overflow attacks.
> Now, I don't question the right of every C++ programmer to be able to
> overflow the stack, but I don't like this ability being presented under the
> name "push_back".

I agree strongly with Peter.

The default needs to be safety, unless there is something to indicate
the danger is accepted. Thus push_back() could throw on overflow,
while unchecked_push_back() could have the semantics of the current
push_back() implementation. There are probably other approaches, too,
that would provide reasonable security.


Boost list run by bdawes at, gregod at, cpdaniel at, john at