Subject: Re: [boost] [utility] new auto_buffer class --- RFC
From: Beman Dawes (bdawes_at_[hidden])
Date: 2009-03-02 12:50:18
On Mon, Mar 2, 2009 at 12:32 PM, Peter Dimov <pdimov_at_[hidden]> wrote:
> Thorsten Ottosen:
>>
>> John Maddock wrote:
>>>>
>>>> - From glancing at the implementation posted to the list, it does not
>>>> appear to
>>>> fall back to heap allocation once the maximum stack capacity is reached.
>>>> push_back() simply asserts that the stack capacity hasn't been used up
>>>> yet.
>>
>> Yes, that is necessary to make push_back() inlinable.
>
> It's also necessary if you want to introduce stack buffer overflow attacks.
> Now, I don't question the right of every C++ programmer to be able to
> overflow the stack, but I don't like this ability being presented under the
> name "push_back".
I agree strongly with Peter.
The default needs to be safety, unless there is something to indicate
the danger is accepted. Thus push_back() could throw on overflow,
while unchecked_push_back() could have the semantics of the current
push_back() implementation. There are probably other approaches, too,
that would provide reasonable security.
--Beman
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk