Subject: Re: [Boost-bugs] [Boost C++ Libraries] #7248: UUID Conditional jump or move depends on uninitialised value(s)
From: Boost C++ Libraries (noreply_at_[hidden])
Date: 2014-07-22 06:56:52
#7248: UUID Conditional jump or move depends on uninitialised value(s)
--------------------------------------+----------------------------
Reporter: df@… | Owner: atompkins
Type: Bugs | Status: reopened
Milestone: To Be Determined | Component: uuid
Version: Boost Development Trunk | Severity: Showstopper
Resolution: | Keywords: uuid, valgrind
--------------------------------------+----------------------------
Changes (by k.stuhlemmer@…):
* status: closed => reopened
* version: Boost 1.48.0 => Boost Development Trunk
* resolution: fixed =>
* severity: Optimization => Showstopper
Comment:
This is a serious issue! Using uninitialized variables (i.e. _rd[]) as
extra source of randomness has been proven to be a very bad idea (see
http://kqueue.org/blog/2012/06/25/more-randomness-or-less). You should
consider to rework the seed generation or remove it completely. Boost is
believed to be high-quality code and many developers trust on it. In this
certain case its usage is simply dangerous.
-- Ticket URL: <https://svn.boost.org/trac/boost/ticket/7248#comment:3> Boost C++ Libraries <http://www.boost.org/> Boost provides free peer-reviewed portable C++ source libraries.
This archive was generated by hypermail 2.1.7 : 2017-02-16 18:50:16 UTC