openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patricia Shanahan <>
Subject Re: A refactoring proposal
Date Sun, 18 Jun 2017 13:12:35 GMT

On 6/18/2017 5:51 AM, Carl Marcum wrote:
> On 06/17/2017 01:52 PM, Patricia Shanahan wrote:
>> Without going into details here, some recently fixed security issues
>> have related to the use of fixed size arrays without bounds checks.
>> In general, that is not a very robust programming practice. It depends
>> on careful checking in the source code to prevent array overflow.
>> I suggest a project to replace raw arrays with Standard Template Library
>> classes as appropriate. All accesses should be through safe functions
>> such as std::array::at. In some cases we could replace a limited size
>> but large array with e.g. a std::vector that can start small and grow
>> only as needed.
>> This matches nicely with my observations of volunteers. We are not
>> getting many people with the skills and experience to dive into a
>> very large body of code and debug it. We are getting students and
>> early career programmers who could work on something like this. It
>> might also be a viable Google Summer of Code project.
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:
> That sounds like a good idea.
> Do you think the calls may be common enough to find with a search to get 
> a list of files to look in?

Array access, including unchecked index access to STL array-like
structures, can be identified by the use of '[.*]' bracketed
expressions. STL access with bounds checking uses function call syntax
instead of overloaded array access syntax.

That is going to get a lot of hits so some prioritization is needed.

I suggest working first on files that have been culprits in
array-related security problems we have fixed. We know those use fixed
size arrays and were written or edited by people who did not always
check the bounds. I would then work out to other files in the same
modules, and then anything involved in building internal structures from
input files.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message