Subject: Re: A refactoring proposal
From: Matthias Seidel
To: dev@openoffice.apache.org
Date: Sun, 18 Jun 2017 00:01:53 +0200

Hi Patricia,

I am not a programmer, but looking at the screen when building AOO I see
a lot of messages that make me think that the code could need a review...

Your suggestion sounds very reasonable to me!

Kind regards,
Matthias

On 17.06.2017 at 19:52, Patricia Shanahan wrote:
> Without going into details here, some recently fixed security issues
> have related to the use of fixed size arrays without bounds checks.
>
> In general, that is not a very robust programming practice. It depends
> on careful checking in the source code to prevent array overflow.
>
> I suggest a project to replace raw arrays with Standard Template Library
> classes as appropriate. All accesses should be through safe functions
> such as std::array::at. In some cases we could replace a limited size
> but large array with e.g. a std::vector that can start small and grow
> only as needed.
>
> This matches nicely with my observations of volunteers. We are not
> getting many people with the skills and experience to dive into a
> very large body of code and debug it. We are getting students and
> early career programmers who could work on something like this. It
> might also be a viable Google Summer of Code project.
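
The refactoring proposed in the quoted message, as an added illustration (not code from Apache OpenOffice or from either author): the raw-array pattern next to a `std::array::at` version and a `std::vector` that grows on demand. `Entry`, `kMaxSlots` and the `fill_*` functions are hypothetical names, and the input records are constructed for the example.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Constructed input: (slot, value) pairs as an importer might read them
// from a file. Entry, kMaxSlots and the fill_* names are hypothetical.
struct Entry { std::size_t slot; std::uint16_t value; };
constexpr std::size_t kMaxSlots = 8;

// Legacy pattern: raw fixed-size array indexed by untrusted data. Safe only
// if every caller has already checked slot < kMaxSlots.
void fill_raw(std::uint16_t (&table)[kMaxSlots], const std::vector<Entry>& in) {
    for (const Entry& e : in)
        table[e.slot] = e.value;  // undefined behaviour when slot >= kMaxSlots
}

// std::array::at throws std::out_of_range instead of writing out of bounds.
// Works on a copy so a rejected input leaves the caller's table unchanged.
bool fill_checked(std::array<std::uint16_t, kMaxSlots>& table,
                  const std::vector<Entry>& in) {
    auto tmp = table;
    try {
        for (const Entry& e : in) tmp.at(e.slot) = e.value;
    } catch (const std::out_of_range&) {
        return false;
    }
    table = tmp;
    return true;
}

// A large fixed table replaced by a vector that starts empty and grows only
// as far as the input needs; hard_limit keeps input from forcing a huge one.
bool fill_growing(std::vector<std::uint16_t>& table,
                  const std::vector<Entry>& in, std::size_t hard_limit) {
    for (const Entry& e : in)
        if (e.slot >= hard_limit) return false;  // validate before mutating
    for (const Entry& e : in) {
        if (e.slot >= table.size()) table.resize(e.slot + 1, 0);
        table.at(e.slot) = e.value;
    }
    return true;
}

int main() {
    std::array<std::uint16_t, kMaxSlots> t{};
    return fill_checked(t, {{1, 5}, {8, 1}}) ? 1 : 0;  // slot 8 is rejected
}
```

Swapping in `at()` turns a silent overflow into an exception, so each converted call site still needs a decision about where that exception is caught and what the importer does with a rejected record.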