On 1/14/2013 1:05 PM, Jesse Ruderman wrote:
> We have a lot of pointer casts in our tree [1][2][3] and some security
> holes involve these casts going wrong [4][5].
> Should we make debug builds check casts to (vtableful?) pointer types?
> This could be done by adding and calling an "assert_cast" function, or
> by adding a new "sanitizer" mode [6] to clang.

Following up and talking to clang people, there is currently a
-fsanitize=vptr that is capable of checking this (it only errors on
member access right now, but I have talked to people and confirmed that
at the point of static_cast is a correct time to check). This only works
when RTTI is enabled, however, and only for classes with virtual table
pointers.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
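
The debug-only "assert_cast" idea from the quoted message, written out as an added C++ example (not code from the Mozilla tree or from clang). The classes Node, Element and Text and the helper cast_is_valid are hypothetical names chosen for the illustration; like -fsanitize=vptr, the check depends on RTTI and on the source class having a vtable.

```cpp
#include <cassert>
#include <cstdio>
#include <type_traits>

// Hypothetical class hierarchy for the demonstration.
struct Node { virtual ~Node() {} };
struct Element : Node { int attrCount = 3; };
struct Text : Node { char data[4] = "abc"; };

// True when `from` is null or really points at a To (or a subclass of To).
// Needs RTTI and a polymorphic From, the same limits the post notes for vptr.
template <typename To, typename From>
bool cast_is_valid(From* from) {
    static_assert(std::is_polymorphic<From>::value,
                  "dynamic type is only recoverable for classes with a vtable");
    static_assert(std::is_base_of<From, To>::value, "To must derive from From");
    return from == nullptr || dynamic_cast<To*>(from) != nullptr;
}

// Drop-in for static_cast<To*>: checked in debug builds, free with NDEBUG.
template <typename To, typename From>
To* assert_cast(From* from) {
    assert((cast_is_valid<To, From>(from)) && "bad downcast");
    return static_cast<To*>(from);
}

int main() {
    Element e;
    Text t;
    Node* good = &e;   // dynamic type Element
    Node* bad = &t;    // dynamic type Text
    std::printf("Element* from Element: %d\n", cast_is_valid<Element>(good));
    std::printf("Element* from Text:    %d\n", cast_is_valid<Element>(bad));
    Element* ok = assert_cast<Element>(good);  // passes the check
    std::printf("attrCount = %d\n", ok->attrCount);
    // assert_cast<Element>(bad) would abort here in a debug build instead of
    // handing back a mistyped pointer.
    return 0;
}
```

The check fires at the cast itself, so a mistyped pointer is caught even if no member is accessed through it afterwards.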