Boost :

Subject: Re: [boost] Review - boost::log
From: Edouard A. (edouard_at_[hidden])
Date: 2010-03-14 16:10:54

• Next message: Tom Brinkman: "Re: [boost] Review - boost::log"
• Previous message: Andrey Semashev: "Re: [boost] Review - boost::log"
• In reply to: Tom Brinkman: "Re: [boost] Review - boost::log"
• Next in thread: Tom Brinkman: "Re: [boost] Review - boost::log"
• Reply: Tom Brinkman: "Re: [boost] Review - boost::log"

>Nothing unsafe about a "C" style interface. This technique is used by
>thousands of applications.

Tom,

The printf style parameters is responsible for thousands and thousands of
security vulnerabilities.

The problem is that you put the burden of sanitizing the parameters on the
programmer, not the library. If one zero-terminal disappear, you open
Pandora's box. That's just an example. What happens when the programmer
replaces a string by an int and forgets to update the parameters?

I really don't think in 2010 it's sound to encourage that kind of API.

I would rather prefer something like this:

boost::error("The error " << error_code << " occurred: " << error_message <<
std::endl);

Regards.

-Edouard
 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 4944 (20100314) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 

• Next message: Tom Brinkman: "Re: [boost] Review - boost::log"
• Previous message: Andrey Semashev: "Re: [boost] Review - boost::log"
• In reply to: Tom Brinkman: "Re: [boost] Review - boost::log"
• Next in thread: Tom Brinkman: "Re: [boost] Review - boost::log"
• Reply: Tom Brinkman: "Re: [boost] Review - boost::log"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk