Subject: Re: [boost] [new Warnings policy] MS C4180 on the Maintenance Guidelines
From: Paul A. Bristow (pbristow_at_[hidden])
Date: 2009-11-24 05:47:04


> -----Original Message-----
> From: boost-bounces_at_[hidden] [mailto:boost-bounces_at_[hidden]] On Behalf Of Patrick Horgan
> Sent: Monday, November 23, 2009 9:24 PM
> To: boost_at_[hidden]
> Subject: Re: [boost] [new Warnings policy] MS C4180 on the Maintenance Guidelines
 
> Nick Stoughton wrote:
> > SC 22/WG 14 N1160 Austin Group Concerns on PDTR 24731 Stoughton 2006-02-27
> > Members of the Austin Group have been reviewing the proposed Technical
> > Report on "Bounds Checking Functions" over the last year, and wish to
> > express their concerns over its direction.
> > The proposed interfaces fail to address many of the aspects related to
> > buffer overflow and as a result are only suitable for a narrow range of
> > applications.

I've added a link to this at

https://svn.boost.org/trac/boost/wiki/Guidelines/MaintenanceGuidelines

at the C4996 notes.

I conclude that people must be allowed to make up their own minds about whether to
use secure or not, and so should suppress the warnings.

Paul

PS It reminds me what a disastrous mistake C made when not including an array
length as an integral part of the array, leaving checks (perhaps optional) to
the compiler (perhaps using hardware to avoid any perceptible runtime cost).
The whole virus fiasco can be traced to this.

---
Paul A. Bristow
Prizet Farmhouse
Kendal, UK   LA8 8AB
+44 1539 561830, mobile +44 7714330204
pbristow_at_[hidden]
