Repository : http://git.fedorahosted.org/git/?p=secure-coding.git On branch : master >--------------------------------------------------------------- commit 2988ebd27e73444ca8b9c197fa35e8be7e92a620 Author: Florian Weimer <fweimer@xxxxxxxxxx> Date: Mon May 26 11:46:16 2014 +0200 Add a short chapter on Vala >--------------------------------------------------------------- defensive-coding/en-US/Defensive_Coding.xml | 1 + defensive-coding/en-US/Vala.xml | 53 +++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 0 deletions(-) diff --git a/defensive-coding/en-US/Defensive_Coding.xml b/defensive-coding/en-US/Defensive_Coding.xml index 7ca3f46..a9baeb3 100644 --- a/defensive-coding/en-US/Defensive_Coding.xml +++ b/defensive-coding/en-US/Defensive_Coding.xml @@ -8,6 +8,7 @@ <xi:include href="CXX.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> <xi:include href="Java.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> <xi:include href="Python.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Vala.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> </part> <part> <title>Specific Programming Tasks</title> diff --git a/defensive-coding/en-US/Vala.xml b/defensive-coding/en-US/Vala.xml new file mode 100644 index 0000000..3dea943 --- /dev/null +++ b/defensive-coding/en-US/Vala.xml 
@@ -0,0 +1,53 @@ +<?xml version='1.0' encoding='utf-8' ?> +<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +]> +<chapter id="chap-Defensive_Coding-Vala"> +<title>The Vala Programming Language</title> +<para> + Vala is a programming language mainly targeted at GNOME developers. +</para> +<para> + Its syntax is inspired by C# (and thus, indirectly, by Java). But + unlike C# and Java, Vala does not attempt to provide memory safety: + Vala is compiled to C, and the C code is compiled with GCC using + typical compiler flags. Basic operations like integer arithmetic + are directly mapped to C constructs. As a results, the + recommendations in <xref linkend="chap-Defensive_Coding-C"/> apply. +</para> +<para> + In particular, the following Vala language constructs can result in + undefined behavior at run time: +</para> +<itemizedlist> + <listitem> + <para> + Integer arithmetic, as described in <xref + linkend="sect-Defensive_Coding-C-Arithmetic"/>. + </para> + </listitem> + <listitem> + <para> + Pointer arithmetic, string subscripting and the + <literal>substring</literal> method on strings (the + <literal>string</literal> class in the + <literal>glib-2.0</literal> package) are not range-checked. It + is the responsibility of the calling code to ensure that the + arguments being passed are valid. This applies even to cases + (like <literal>substring</literal>) where the implementation + would have range information to check the validity of indexes. + See <xref linkend="sect-Defensive_Coding-C-Pointers"/>. + </para> + </listitem> + <listitem> + <para> + Similarly, Vala only performs garbage collection (through + reference counting) for <literal>GObject</literal> values. 
For + plain C pointers (such as strings), the programmer has to ensure + that storage is deallocated once it is no longer needed (to + avoid memory leaks), and that storage is not being deallocated + while it is still being used (see <xref + linkend="sect-Defensive_Coding-C-Use-After-Free"/>). + </para> + </listitem> +</itemizedlist> +</chapter> -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
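Review bot: The DOCTYPE at the top of the new Vala.xml names `section` as the document element, but the root element of the file is `<chapter id="chap-Defensive_Coding-Vala">`. The name in the DOCTYPE declaration has to match the root element for the file to validate against the DocBook 4.5 DTD, so this should be `<!DOCTYPE chapter PUBLIC ...>`. In the second paragraph, "As a results" should read "As a result". The third list item is introduced by "can result in undefined behavior at run time" but also covers memory leaks, which are a resource problem rather than undefined behavior. Consider rewording the introductory sentence or moving the leak remark into its own paragraph, so that the list only contains constructs that actually lead to undefined behavior.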