Boost logo

Boost :

Subject: Re: [boost] boost utf-8 code conversion facet has security problems
From: Beman Dawes (bdawes_at_[hidden])
Date: 2010-10-14 21:53:40


On Thu, Oct 14, 2010 at 6:29 PM, Robert Ramey <ramey_at_[hidden]> wrote:
> Patrick Horgan wrote:
>
>> It should really be fixed.  There's a lot of bad guys out there that
>> know about these sorts of problems, plus, there aren't many open
>> source implementations of utf-8 code conversion facets, so folks are
>> likely to emulate/steal this.
>>
>> btw mine's freely available to anyone who requests it.
>>
>> wc -l *
>>    232 codecvt_utf8_facet.cpp
>>     29 codecvt_utf8_facet.hpp
>>     14 Makefile
>>    510 testcodecvt.cpp
>>
>> Funny the test code is twice the size of the code.
>>
>
> Note that there is a test of this code in the serialization library test
> suite
> as well as documentation.  The current one fails some tests on some
> platforms.
>
> So if you want to fix all this up, code, tests and documentation, it would
> be a great thing as far as I'm concerned.  In fact what I would like to see
> is utf8 facet be moved from boost/detail to boost/utility along with all
> it's
> documentation and tests.  The module needs the documenation and tests
> but there is no boost/lib/detail to put them in.  The serialization library
> isn't
> a good place for this because this module is used by at least one other
> library (program options) and maybe more.

It is also used by the filesystem library.

I also think it would be great to turn this into a real Boost library.

--Beman


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk