|
|
Boost : |
Subject: Re: [boost] boost utf-8 code conversion facet has security problems
From: Beman Dawes (bdawes_at_[hidden])
Date: 2010-10-14 21:53:40
On Thu, Oct 14, 2010 at 6:29 PM, Robert Ramey <ramey_at_[hidden]> wrote:
> Patrick Horgan wrote:
>
>> It should really be fixed. There's a lot of bad guys out there that
>> know about these sorts of problems, plus, there aren't many open
>> source implementations of utf-8 code conversion facets, so folks are
>> likely to emulate/steal this.
>>
>> btw mine's freely available to anyone who requests it.
>>
>> wc -l *
>> 232 codecvt_utf8_facet.cpp
>> 29 codecvt_utf8_facet.hpp
>> 14 Makefile
>> 510 testcodecvt.cpp
>>
>> Funny the test code is twice the size of the code.
>>
>
> Note that there is a test of this code in the serialization library test
> suite
> as well as documentation. The current one fails some tests on some
> platforms.
>
> So if you want to fix all this up, code, tests and documentation, it would
> be a great thing as far as I'm concerned. In fact what I would like to see
> is utf8 facet be moved from boost/detail to boost/utility along with all
> it's
> documentation and tests. The module needs the documenation and tests
> but there is no boost/lib/detail to put them in. The serialization library
> isn't
> a good place for this because this module is used by at least one other
> library (program options) and maybe more.
It is also used by the filesystem library.
I also think it would be great to turn this into a real Boost library.
--Beman
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk