openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patricia Shanahan <>
Subject Re: A refactoring proposal
Date Sat, 17 Jun 2017 22:15:41 GMT
Another useful project would indeed be warning removal. The reason for
putting bounds checking ahead of it is that I have not yet seen a
security bug that would have been fixed by warning removal.

On 6/17/2017 3:01 PM, Matthias Seidel wrote:
> Hi Patricia,
> I am not a programmer, but looking at the screen when building AOO I see
> a lot of messages that make me think that the code could need a review...
> Your suggestion sounds very reasonable to me!
> Kind regards, Matthias
> Am 17.06.2017 um 19:52 schrieb Patricia Shanahan:
>> Without going into details here, some recently fixed security issues
>> have related to the use of fixed size arrays without bounds checks.
>> In general, that is not a very robust programming practice. It depends
>> on careful checking in the source code to prevent array overflow.
>> I suggest a project to replace raw arrays with Standard Template Library
>> classes as appropriate. All accesses should be through safe functions
>> such as std::array::at. In some cases we could replace a limited size
>> but large array with e.g. a std::vector that can start small and grow
>> only as needed.
>> This matches nicely with my observations of volunteers. We are not
>> getting many people with the skills and experience to dive into a
>> very large body of code and debug it. We are getting students and
>> early career programmers who could work on something like this. It
>> might also be a viable Google Summer of Code project.
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message