Subject: Re: [Boost-bugs] [Boost C++ Libraries] #6528: Potential vulnerability in programs recompiled for 64-bit platforms
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2012-02-08 12:36:22
#6528: Potential vulnerability in programs recompiled for 64-bit platforms
-------------------------------------+--------------------------------------
Reporter: econometrics@… | Owner: jsiek
Type: Bugs | Status: new
Milestone: To Be Determined | Component: dynamic_bitset
Version: Boost 1.38.0 | Severity: Problem
Resolution: | Keywords: Vulnerability, 64-bit, overflow
-------------------------------------+--------------------------------------
Comment (by Ulrich Eckhardt <ulrich.eckhardt@…>):
{{{buffer_type m_bits}}} is private. If {{{BOOST_DYNAMIC_BITSET_PRIVATE}}}
is defined as public to work around compiler bugs, it should still be
treated as private. Further, the {{{block_type}}} isn't exposed in the
interface either. In summary, valid code will not not touch {{{m_bits}}}
or its elements, so any size differences there are not a problem. Even if
by some fiendish hackery you are accessing {{{m_bits}}}, any assumption
about the size of its elements are invalid, unless they based on the use
of the {{{sizeof}}} operator.
What exactly are you doing? What code is vulnerable to buffer overflows?
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/6528#comment:3> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:08 UTC