
-----Original Message-----
From: boost-bounces@lists.boost.org [mailto:boost-bounces@lists.boost.org] On Behalf Of Patrick Horgan
Sent: Monday, November 23, 2009 9:24 PM
To: boost@lists.boost.org
Subject: Re: [boost] [new Warnings policy] MS C4180 on the Maintenance Guidelines

Nick Stoughton wrote:
SC 22/WG 14 N1160
Austin Group Concerns on PDTR 24731
Stoughton
2006-02-27

Members of the Austin Group have been reviewing the proposed Technical Report on "Bounds Checking Functions" over the last year, and wish to express their concerns over its direction. The proposed interfaces fail to address many of the aspects related to buffer overflow and as a result are only suitable for a narrow range of applications.

I've added a link to this at https://svn.boost.org/trac/boost/wiki/Guidelines/MaintenanceGuidelines at the C4996 notes.

I conclude that people must be allowed to make up their own minds about whether to use secure or not, and so should suppress the warnings.

Paul

PS It reminds me what a disastrous mistake C made when not including an array length as an integral part of the array, leaving checks (perhaps optional) to the compiler (perhaps using hardware to avoid any perceptible runtime cost). The whole virus fiasco can be traced to this.

---
Paul A. Bristow
Prizet Farmhouse
Kendal, UK LA8 8AB
+44 1539 561830, mobile +44 7714330204
pbristow@hetp.u-net.com