Repository : http://git.fedorahosted.org/git/?p=secure-coding.git On branch : master >--------------------------------------------------------------- commit 2067762b472676ef892b55a5263bcf3dd0f16040 Author: Florian Weimer <fweimer@xxxxxxxxxx> Date: Tue Sep 17 13:51:27 2013 +0200 C++: Warn about functions that deal with unpaired iterators >--------------------------------------------------------------- defensive-coding/en-US/CXX-Std.xml | 60 ++++++++++++++++++++++++++++++++++++ 1 files changed, 60 insertions(+), 0 deletions(-) diff --git a/defensive-coding/en-US/CXX-Std.xml b/defensive-coding/en-US/CXX-Std.xml index 88fa803..b221949 100644 --- a/defensive-coding/en-US/CXX-Std.xml +++ b/defensive-coding/en-US/CXX-Std.xml 
@@ -7,6 +7,61 @@ The C++ standard library includes most of its C counterpart by reference, see <xref linkend="sect-Defensive_Coding-C-Libc"/>. </para> + <section id="sect-Defensive_Coding-CXX-Std-Functions"> + <title>Functions that are difficult to use</title> + <para> + This section collects functions and function templates which are + part of the standard library and are difficult to use. + </para> + <section id="sect-Defensive_Coding-CXX-Std-Functions-Unpaired_Iterators"> + <title>Unpaired iterators</title> + <para> + Functions which use output operators or iterators which do not + come in pairs (denoting ranges) cannot perform iterator range + checking. + (See <xref linkend="sect-Defensive_Coding-CXX-Std-Iterators"/>) + Function templates which involve output iterators are + particularly dangerous: + </para> + <itemizedlist> + <listitem><para><function>std::copy</function></para></listitem> + <listitem><para><function>std::copy_backward</function></para></listitem> + <listitem><para><function>std::copy_if</function></para></listitem> + <listitem><para><function>std::move</function> (three-argument variant)</para></listitem> + <listitem><para><function>std::move_backward</function></para></listitem> + <listitem><para><function>std::partition_copy_if</function></para></listitem> + <listitem><para><function>std::remove_copy</function></para></listitem> + <listitem><para><function>std::remove_copy_if</function></para></listitem> + <listitem><para><function>std::replace_copy</function></para></listitem> + <listitem><para><function>std::replace_copy_if</function></para></listitem> + <listitem><para><function>std::swap_ranges</function></para></listitem> + <listitem><para><function>std::transform</function></para></listitem> + </itemizedlist> + <para> + In addition, <function>std::copy_n</function>, + <function>std::fill_n</function> and + <function>std::generate_n</function> do not perform iterator + checking, either, but there is an explicit count which has to be + 
supplied by the caller, as opposed to an implicit length + indicator in the form of a pair of forward iterators. + </para> + <para> + These output-iterator-expecting functions should only be used + with unlimited-range output iterators, such as iterators + obtained with the <function>std::back_inserter</function> + function. + </para> + <para> + Other functions use single input or forward iterators, which can + read beyond the end of the input range if the caller is not careful: + </para> + <itemizedlist> + <listitem><para><function>std::equal</function></para></listitem> + <listitem><para><function>std::is_permutation</function></para></listitem> + <listitem><para><function>std::mismatch</function></para></listitem> + </itemizedlist> + </section> + </section> <section id="sect-Defensive_Coding-CXX-Std-String"> <title>String handling with <literal>std::string</literal></title> <para> @@ -124,6 +179,11 @@ supplied an output area that is too small, and their use should be avoided. </para> + <para> + These issues make some of the standard library functions + difficult to use correctly, see <xref + linkend="sect-Defensive_Coding-CXX-Std-Functions-Unpaired_Iterators"/>. + </para> </section> </section> -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
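Review bot: In the first hunk, the itemizedlist under "Unpaired iterators" names `std::partition_copy_if`, which is not a standard library function; the algorithm that takes one input range and two unpaired output iterators is `std::partition_copy`, so the listitem should read `<function>std::partition_copy</function>`. In the same list, `std::swap_ranges` does not take an output iterator at all: its third argument is a forward iterator into an existing second range, so the following paragraph's advice to use these functions "only with unlimited-range output iterators, such as ... std::back_inserter" cannot apply to it; it belongs with the second list (`std::equal`, `std::is_permutation`, `std::mismatch`), whose single-iterator second range can be overrun. Also, "Functions which use output operators or iterators" in the opening para reads as a typo for "output iterators".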
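Review bot: In the second hunk, the added paragraph's "difficult to use correctly, see <xref .../>." is a comma splice; the existing text in this file uses a separate sentence or a semicolon for such cross-references ("... by reference, see <xref linkend="sect-Defensive_Coding-C-Libc"/>." in the first hunk's context has the same flaw, but new text should not copy it). Suggest "difficult to use correctly; see <xref linkend="sect-Defensive_Coding-CXX-Std-Functions-Unpaired_Iterators"/>." The split `<xref` / `linkend=` across two lines is well-formed XML and renders fine, so no change is needed there.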