|
|
Boost : |
Subject: Re: [boost] boost utf-8 code conversion facet has security problems
From: Robert Ramey (ramey_at_[hidden])
Date: 2010-10-14 18:29:43
Patrick Horgan wrote:
> It should really be fixed. There's a lot of bad guys out there that
> know about these sorts of problems, plus, there aren't many open
> source implementations of utf-8 code conversion facets, so folks are
> likely to emulate/steal this.
>
> btw mine's freely available to anyone who requests it.
>
> wc -l *
> 232 codecvt_utf8_facet.cpp
> 29 codecvt_utf8_facet.hpp
> 14 Makefile
> 510 testcodecvt.cpp
>
> Funny the test code is twice the size of the code.
>
Note that there is a test of this code in the serialization library test
suite
as well as documentation. The current one fails some tests on some
platforms.
So if you want to fix all this up, code, tests and documentation, it would
be a great thing as far as I'm concerned. In fact what I would like to see
is utf8 facet be moved from boost/detail to boost/utility along with all
it's
documentation and tests. The module needs the documenation and tests
but there is no boost/lib/detail to put them in. The serialization library
isn't
a good place for this because this module is used by at least one other
library (program options) and maybe more.
Robert Ramey
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk