24 July 2007

Even More Against C++

Category: General — Christian @ 09:02

Matasano has a short list of bug classes in C++:

Exceptions: When you throw an exception, you effectively “abort” your current function, and all the functions in the call chain up to the point where the exception was caught. If any of these functions aren’t written to anticipate getting preemptively aborted, and hold on to a pointer or a chunk of memory, you’ve got a memory lifecycle bug.

Destructors: If you call “delete[]” instead of “delete” you’ve introduced a potential vulnerability.

STL: The Standard C++ Library. If you modify an STL vector or dequeue, you invalidate all your outstanding iterators. If you hold references to those invalid iterators, they now point to invalid addresses.

More here as well.
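The exception and iterator-invalidation classes from the list above, as an added C++ example that is not from this blog post or from Matasano. `Tracked`, `raw_owner`, `raii_owner`, `live_after_throw` and `growth_relocates` are hypothetical names introduced here.

```cpp
#include <cstdint>
#include <memory>
#include <stdexcept>
#include <vector>

// Constructed helper: counts live instances so a leak becomes observable.
struct Tracked {
    static int live;
    static Tracked* last;               // lets the harness reclaim a stranded object
    Tracked() { ++live; last = this; }
    ~Tracked() { --live; }
};
int Tracked::live = 0;
Tracked* Tracked::last = nullptr;

static void may_throw(bool fail) {
    if (fail) throw std::runtime_error("aborted mid-function");
}

// Hazard: the exception skips the delete, so the object is never freed.
void raw_owner(bool fail) {
    Tracked* t = new Tracked;
    may_throw(fail);
    delete t;
}

// Hardened: unique_ptr's destructor runs during stack unwinding.
void raii_owner(bool fail) {
    auto t = std::make_unique<Tracked>();
    may_throw(fail);
}

// Number of Tracked objects still alive after f(true) has thrown.
int live_after_throw(void (*f)(bool)) {
    Tracked::live = 0;
    try { f(true); } catch (const std::runtime_error&) {}
    int stranded = Tracked::live;
    if (stranded > 0) delete Tracked::last;   // clean up what raw_owner lost
    return stranded;
}

// True if growing v moved its storage; at that point every outstanding
// iterator, pointer and reference into v is invalid.
bool growth_relocates(std::vector<int>& v) {
    auto before = reinterpret_cast<std::uintptr_t>(v.data());
    v.resize(v.capacity() + 1);               // forces a reallocation
    return reinterpret_cast<std::uintptr_t>(v.data()) != before;
}
```

Holding an index instead of an iterator across the modification avoids the second hazard, because the index is resolved against the new storage on each access.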

1 comment

  1. Comments closed due to spam

    Comment by Christian — 2 May 2008 @ 19:21
