Boost logo

Boost :

From: Emil Dotchevski (emildotchevski_at_[hidden])
Date: 2019-12-03 19:08:19

On Tue, Dec 3, 2019 at 7:42 AM Zach Laine via Boost <boost_at_[hidden]>
> > Thus (assuming we're appending into one of the existing buffers
> > instead), *someone* needs to do a range check at runtime, and forgetting
> > it is a serious security vulnerability. If we lived in a world where
> > sanitisers were readily available, reliable, and automatically run on
> > all code, then maybe you can argue that this is the user's
> > responsibility and UB is "safe". We still do not yet live in that
> >
> I get the point you're making. What I do not get is why you *only* apply
> it to op+. That is, if memory is so essential for op+, then why is it not
> also essential for op[] . This is not a troll. I really do want to know
> what the difference is as you see it.

These are two different kinds of errors, invalid access vs buffer overrun.
I trust you're not arguing that these are essentially the same.

Logically, using a bad index can not be recovered from. You have broken
invariants, or worse. It's the textbook example of what not to do.

In contrast, when running out of a resource, nothing bad has yet happened.
The program is in good state, failing to establish a new invariant.
Generally, programs should be able to recover from such state. It's the
textbook example for good practices: you check for errors and recover from
them, rather than end up with UB.

Boost list run by bdawes at, gregod at, cpdaniel at, john at