I don't know about C++14 specifically, but a good example is C++17's std::string_view, which allows an implicit cast from std::string&& and can very easily lead to UAF: https://github.com/isocpp/CppCoreGuidelines/issues/1038

Alex

On Mon, Oct 30, 2017 at 10:52 AM, Simon Sapin <simon.sa...@exyr.org> wrote:

> On 30/10/17 15:05, smaug wrote:
>
>> And let's be careful with the new C++ features, pretty please. We
>> managed to not be careful when we started to use auto, or ranged-for
>> or lambdas. I'd prefer to not fix more security critical bugs or
>> memory leaks just because of fancy hip and cool language features ;)
>>
>
> Careful how? How do new language features lead to security bugs? Is new
> compiler code not as well tested and could have miscompiles? Are specific
> features easy to misuse?
>
> --
> Simon Sapin
>
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
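
The std::string_view hazard mentioned in the message above, as an added example that is not part of the original thread: it shows that a temporary std::string converts implicitly to a view, and one way to turn that into a compile error. The names `make_name` and `checked_view` are hypothetical, and the dangling use appears only in a comment so the program has no undefined behaviour.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <string_view>
#include <type_traits>

// Hypothetical helper: returns a temporary whose 64 bytes exceed common
// small-string buffers, so the characters live on the heap.
std::string make_name() { return std::string(64, 'x'); }

// Dangling pattern (shown only, never executed):
//   std::string_view v = make_name();  // temporary dies at the ';'
//   std::cout << v;                    // reads freed memory
// It compiles because std::string converts implicitly, rvalues included:
constexpr bool std_view_accepts_temporary() {
    return std::is_convertible_v<std::string&&, std::string_view>;
}

// Hypothetical hardened wrapper: the rvalue overload is deleted, so binding
// a view to a temporary std::string is a compile error instead of a UAF.
// Trade-off: it also rejects a call like f(make_name()), where the
// temporary would have lived for the whole call.
class checked_view {
public:
    checked_view(const std::string& s) noexcept : v_(s) {}
    checked_view(const std::string&&) = delete;
    std::string_view get() const noexcept { return v_; }
private:
    std::string_view v_;
};

constexpr bool checked_view_accepts_temporary() {
    return std::is_convertible_v<std::string&&, checked_view>;
}

// Safe use: the owning string outlives every read through the view.
std::size_t safe_length() {
    std::string owner = make_name();
    checked_view v(owner);
    return v.get().size();
}

int main() {
    std::cout << std::boolalpha
              << "string_view from temporary:  " << std_view_accepts_temporary() << '\n'
              << "checked_view from temporary: " << checked_view_accepts_temporary() << '\n'
              << "safe_length: " << safe_length() << '\n';
}
```

Building the commented-out pattern with AddressSanitizer (`-fsanitize=address`) is a practical way to catch existing instances, since the read lands in freed heap memory.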