I really like the apr memory pool functions (aka arenas or regions [1]); it makes it easier to write memory-safe code. Of course, it is still the C programming language; you don't have compile-time enforced memory safety like with the Rust programming language, for instance. But these APR memory allocation functions are a big help in programming with memory safety.
[1] https://en.wikipedia.org/wiki/Region-based_memory_management On Fri, Aug 28, 2015 at 5:10 PM, Wes Garland <w...@page.ca> wrote: > It's used by Apache httpd. I think that pretty much says everything > you need to know :) > > Sent from my iPhone > > > On Aug 28, 2015, at 6:04, Tristan Leask <tristan.le...@enghouse.com> > wrote: > > > > Hi all, > > > > Not sure if this is the right place to ask or not, so sorry if it isn't. > > > > I am currently using the APR library in conjunction with the Active MQ > CPP connector, so that I can produce and consume topics over an Active MQ > bus. Recently I have asked to evaluate the security of our system and the > components that it uses. One of those requirements is to make sure that > the software is protected as best as it can be from buffer exploits, and > one way of doing this is to make sure that safe C libraries are being used > with C code, and that C++ code uses safe API equivalents, e.g. strncpy() to > strncpy_S(). > > > > Reading the APR site, it says that you take security very seriously, so > I am assuming that the library should be ok for this. I could potentially > get someone to look in to the code, but I thought it would be quicker to > ask first. > > > > So, any comments? > > > > Thanks in advance! > > >
