Subject: Re: [Boost-users] HP fortify Scan Issues
From: John Maddock (jz.maddock_at_[hidden])
Date: 2015-12-17 12:57:11


On 17/12/2015 13:25, Ganesh wrote:
> I have run HP fortify scan on our code which uses Boost libraries for
> checking security vulnerabilities. During the scan I got issues
> reported in below two files.
>
> 1. compressed_pair.hpp
> 2. next_prior.hpp
>
> The issue reported as below.
> *1. compressed_pair.hpp (In line 154)*
>
> LINE 153: compressed_pair_imp(first_param_type x, second_param_type y)
> LINE 154:    : first_type(x), second_(y) {}
>
> Abstract: The program reads data from just outside the bounds of
> allocated memory.
>

I see no other way to (correctly) implement that functionality. I
assume that Fortify is complaining because the base class type
(first_type here) is empty and therefore occupies the same physical
storage as data member second_. IMO the code is completely correct though.

HTH, John.
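
The layout described in the reply above, as an added example that is not part of the original message and is not Boost's code: `ebo_pair`, `plain_pair` and `EmptyPolicy` are hypothetical names, and the constructor mirrors the shape of the quoted line 154. It shows that an empty base subobject adds no storage and sits at the same address as the data member, which is the aliasing a bounds checker can misread as an out-of-bounds access.

```cpp
#include <cstdint>
#include <type_traits>

// Hypothetical empty first type (think stateless allocator or comparator).
struct EmptyPolicy {
    int apply(int v) const { return v + 1; }
};

// Simplified pair that inherits from its empty first type, the same
// shape as the quoted constructor: ": first_type(x), second_(y) {}".
template <class T1, class T2>
class ebo_pair : private T1 {
public:
    ebo_pair(const T1& x, const T2& y) : T1(x), second_(y) {}
    T1& first() { return *this; }       // the base subobject
    T2& second() { return second_; }    // the only real storage
private:
    T2 second_;
};

// Same two types stored as ordinary members, for comparison.
template <class T1, class T2>
struct plain_pair { T1 first; T2 second; };

static_assert(std::is_empty<EmptyPolicy>::value, "EmptyPolicy has no state");
// The empty base contributes zero bytes; as a member it costs padding.
static_assert(sizeof(ebo_pair<EmptyPolicy, int>) == sizeof(int), "EBO applied");
static_assert(sizeof(plain_pair<EmptyPolicy, int>) > sizeof(int), "no EBO");

// True when the empty base and second_ start at the same address.
bool empty_base_shares_address() {
    ebo_pair<EmptyPolicy, int> p(EmptyPolicy(), 42);
    return reinterpret_cast<std::uintptr_t>(&p.first()) ==
           reinterpret_cast<std::uintptr_t>(&p.second());
}

// Initialising the zero-size base reads and writes no member storage,
// so second_ holds exactly the value passed to the constructor.
bool member_value_intact() {
    ebo_pair<EmptyPolicy, int> p(EmptyPolicy(), 42);
    return p.second() == 42 && p.first().apply(1) == 2;
}

int main() {
    return (empty_base_shares_address() && member_value_intact()) ? 0 : 1;
}
```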

