On 6/23/26 2:23 AM, Joaquin M López Muñoz via Boost wrote:
100% agree. The only security-related requirement we should put on Boost.Serialization, and we should put it, is that no UB be generated on archive loading time.
Joaquín M López Muñoz
I believe that there is no possible undefined for loading archives which have been saved in the same format as that loaded. The only scenario I could think of where this could occur would be: a) There is an error in the usage of the library in that the user code implementing the "saving" of an archive is not consistent with the code implementing the "loading" of tthat archive. b) The archive being loaded has been altered from the origainally saved one. (I called this tampering). This whole concern arose when a user ran some type lint type program which detected a line which used a piece of data from the archive which could be be null or something like that. But if such an archive has been created by the library, it could never contain such data. So the only concern that I could think of would be tampering. Robert Ramey
_______________________________________________ Boost mailing list -- boost@lists.boost.org To unsubscribe send an email to boost-leave@lists.boost.org https://lists.boost.org/mailman3/lists/boost.lists.boost.org/ Archived at: https://lists.boost.org/archives/list/ boost@lists.boost.org/message/UQG7D4H6K3HHRPJWECRXDKRFHGAQ3KZW/