Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id E283B200CAA for ; Sat, 17 Jun 2017 19:52:34 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id E0196160BD2; Sat, 17 Jun 2017 17:52:34 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 32899160BC4 for ; Sat, 17 Jun 2017 19:52:34 +0200 (CEST) Received: (qmail 71205 invoked by uid 500); 17 Jun 2017 17:52:33 -0000 Mailing-List: contact dev-help@openoffice.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@openoffice.apache.org Delivered-To: mailing list dev@openoffice.apache.org Received: (qmail 71194 invoked by uid 99); 17 Jun 2017 17:52:32 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Jun 2017 17:52:32 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 9BCEFC022D for ; Sat, 17 Jun 2017 17:52:32 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.971 X-Spam-Level: X-Spam-Status: No, score=0.971 tagged_above=-999 required=6.31 tests=[SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.972] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id hxts8NVlNzpE for ; Sat, 17 Jun 2017 17:52:31 +0000 (UTC) Received: from biz190.inmotionhosting.com (biz190.inmotionhosting.com [74.124.195.240]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id BF6575F365 for ; Sat, 17 Jun 2017 17:52:30 +0000 (UTC) Received: from ip70-181-175-67.sd.sd.cox.net ([70.181.175.67]:63809 helo=[192.168.1.129]) by biz190.inmotionhosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.87) (envelope-from ) id 1dMHtY-001AX3-5u for dev@openoffice.apache.org; Sat, 17 Jun 2017 10:52:29 -0700 To: dev@openoffice.apache.org From: Patricia Shanahan Subject: A refactoring proposal Message-ID: <6b051c98-f366-00dc-ba8e-17f64e212eba@acm.org> Date: Sat, 17 Jun 2017 10:52:21 -0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-OutGoing-Spam-Status: No, score=-1.0 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - biz190.inmotionhosting.com X-AntiAbuse: Original Domain - openoffice.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - acm.org X-Get-Message-Sender-Via: biz190.inmotionhosting.com: authenticated_id: pats+patriciashanahan.com/only user confirmed/virtual account not confirmed X-Authenticated-Sender: biz190.inmotionhosting.com: pats@patriciashanahan.com X-Source: X-Source-Args: X-Source-Dir: archived-at: Sat, 17 Jun 2017 17:52:35 -0000 Without going into details here, some recently fixed security issues have related to the use of fixed size arrays without bounds checks. In general, that is not a very robust programming practice. It depends on careful checking in the source code to prevent array overflow. I suggest a project to replace raw arrays with Standard Template Library classes as appropriate. All accesses should be through safe functions such as std::array::at. In some cases we could replace a limited size but large array with e.g. a std::vector that can start small and grow only as needed. This matches nicely with my observations of volunteers. We are not getting many people with the skills and experience to dive into a very large body of code and debug it. We are getting students and early career programmers who could work on something like this. It might also be a viable Google Summer of Code project. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org For additional commands, e-mail: dev-help@openoffice.apache.org