Boost logo

Boost :

Subject: Re: [boost] boost utf-8 code conversion facet has security problems
From: Beman Dawes (bdawes_at_[hidden])
Date: 2010-10-14 21:53:40

On Thu, Oct 14, 2010 at 6:29 PM, Robert Ramey <ramey_at_[hidden]> wrote:
> Patrick Horgan wrote:
>> It should really be fixed.  There's a lot of bad guys out there that
>> know about these sorts of problems, plus, there aren't many open
>> source implementations of utf-8 code conversion facets, so folks are
>> likely to emulate/steal this.
>> btw mine's freely available to anyone who requests it.
>> wc -l *
>>    232 codecvt_utf8_facet.cpp
>>     29 codecvt_utf8_facet.hpp
>>     14 Makefile
>>    510 testcodecvt.cpp
>> Funny the test code is twice the size of the code.
> Note that there is a test of this code in the serialization library test
> suite
> as well as documentation.  The current one fails some tests on some
> platforms.
> So if you want to fix all this up, code, tests and documentation, it would
> be a great thing as far as I'm concerned.  In fact what I would like to see
> is utf8 facet be moved from boost/detail to boost/utility along with all
> it's
> documentation and tests.  The module needs the documenation and tests
> but there is no boost/lib/detail to put them in.  The serialization library
> isn't
> a good place for this because this module is used by at least one other
> library (program options) and maybe more.

It is also used by the filesystem library.

I also think it would be great to turn this into a real Boost library.


Boost list run by bdawes at, gregod at, cpdaniel at, john at