On 17/12/2015 13:25, Ganesh wrote:
I have run HP fortify scan on our code which uses Boos libraries for checking security vulnerabilities. During the scan I got issues reported in below two files.
1. compressed_pair.hpp 2. next_prior.hpp
The issue reported as below. *1. compressed_pair.hpp (In line 154)*
LINE 153: compressed_pair_imp(first_param_type x, second_param_type y) LINE 154: * : first_type(x), second_(y) {}*
Abstract: The program reads data from just outside the bounds of allocated memory.
I see no other way to (correctly) implement that functionality. I assume that Fortify is complaining because the base class type (first_type here) is empty and therefore occupies the same physical storage as data member second_. IMO the code is completely correct though. HTH, John.