On 6/18/2017 5:51 AM, Carl Marcum wrote:
On 06/17/2017 01:52 PM, Patricia Shanahan wrote:
Without going into details here, some recently fixed security issues
have related to the use of fixed size arrays without bounds checks.

In general, that is not a very robust programming practice. It depends
on careful checking in the source code to prevent array overflow.

I suggest a project to replace raw arrays with Standard Template Library
classes as appropriate. All accesses should be through safe functions
such as std::array::at. In some cases we could replace a limited size
but large array with e.g. a std::vector that can start small and grow
only as needed.

This matches nicely with my observations of volunteers. We are not
getting many people with the skills and experience to dive into a
very large body of code and debug it. We are getting students and
early career programmers who could work on something like this. It
might also be a viable Google Summer of Code project.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
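The three patterns Patricia describes (a raw fixed-size array indexed without a check, the same capacity behind std::array::at, and a std::vector that grows only as needed), shown side by side as an added example. This is illustrative code written for this page, not OpenOffice source; the record format (comma-separated integer fields), the capacity kMaxFields and the function and struct names are assumptions made for the example.

```cpp
#include <array>
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed sample format: a record is a string of comma-separated integer
// fields, standing in for a value list read from an untrusted document.
// (Format, capacity and names are assumptions for this example.)
constexpr std::size_t kMaxFields = 4;

// Split "1,2,3" into {"1","2","3"}.
std::vector<std::string> splitFields(const std::string& record) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : record) {
        if (c == ',') { out.push_back(cur); cur.clear(); }
        else cur.push_back(c);
    }
    out.push_back(cur);
    return out;
}

// Unsafe pattern: fixed-size raw array filled through operator[] with no
// check. A record with more than kMaxFields fields writes past the end of
// 'fields' (undefined behaviour, typically a stack buffer overflow).
// Shown only for contrast; nothing below calls it with oversized input.
struct RawRecord {
    int fields[kMaxFields];
    int count = 0;
};

void parseUnchecked(const std::string& record, RawRecord& out) {
    for (const std::string& f : splitFields(record)) {
        out.fields[out.count++] = std::stoi(f);   // no bounds check
    }
}

// Hardened pattern 1: std::array with at(). Same fixed capacity, but an
// out-of-range index throws std::out_of_range instead of corrupting memory.
struct CheckedRecord {
    std::array<int, kMaxFields> fields{};
    std::size_t count = 0;
};

// Returns true on success, false if the record does not fit (or a field
// overflows int, since std::stoi reports that with std::out_of_range too).
bool parseChecked(const std::string& record, CheckedRecord& out) {
    try {
        for (const std::string& f : splitFields(record)) {
            out.fields.at(out.count) = std::stoi(f);  // throws once count == kMaxFields
            ++out.count;
        }
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// Hardened pattern 2: std::vector that starts empty and grows as needed, for
// the case where the fixed bound was only a guess at "large enough".
std::vector<int> parseGrowing(const std::string& record) {
    std::vector<int> values;
    for (const std::string& f : splitFields(record)) {
        values.push_back(std::stoi(f));
    }
    return values;
}

int main() {
    CheckedRecord rec;
    std::cout << "4 fields fit: " << parseChecked("1,2,3,4", rec) << '\n';
    CheckedRecord tooMany;
    std::cout << "5 fields fit: " << parseChecked("1,2,3,4,5", tooMany) << '\n';
    std::cout << "vector holds " << parseGrowing("1,2,3,4,5").size() << " values\n";
    return 0;
}
```

The oversized record that would silently overflow RawRecord is rejected by parseChecked and simply accepted by parseGrowing; both leave nothing for a reviewer to check by eye, which is the point of the proposal.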


That sounds like a good idea.

Do you think the calls may be common enough to find with a search to get a list of files to look in?

Array access, including unchecked index access to STL array-like
structures, can be identified by the use of '[.*]' bracketed
expressions. STL access with bounds checking uses function call syntax
instead of overloaded array access syntax.

That is going to get a lot of hits so some prioritization is needed.

I suggest working first on files that have been culprits in
array-related security problems we have fixed. We know those use fixed
size arrays and were written or edited by people who did not always
check the bounds. I would then work out to other files in the same
modules, and then anything involved in building internal structures from
input files.

