Re: ncurses 4.1 security bug

davidsWEBMASTER.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: David Schwartz: "Re: ncurses 4.1 security bug"
• Previous message: Ben Laurie: "Re: ncurses 4.1 security bug"
• In reply to: Ben Laurie: "Re: ncurses 4.1 security bug"
• Next in thread: Geoffrey KEATING: "Re: ncurses 4.1 security bug"

> Why is C++ bashing so popular? Why can't people get it right? According
> to Stroustrup, The C++ Programming Language, 3rd ed., section 9.4.1
> Initialization of Nonlocal Variables, p.218 (in the 3rd printing):
>
> "Note that variables initialized by constant expressions cannot depend
> on the value of objects from other translation units and do not[1]
> require run-time initialization. Such variables are therefore safe to
> use in all cases."
>
> [1] The word "not" was missing until the 6th printing (see the errata).

        I believe this is a false statement and that the code I posted to bugtraq
before constitutes a counter-example. Consider the following variable
initialized by a constant expression:

        MyString Foo("test");

        'Foo' is a variable. '"test"' is a constant expression. Now, Stroustrup
claims that this "cannot depend on the value of objects from other
translation units." Consider the following object from another translation
unit:

        int MyString::StringCount=0;

        And consider the following constructor:

        MyString(const char *)
        {
         StringCount++;
         ....
        };

        Now, here you see that a variable initialized by a constant expression CAN
depend on the value of objects from other translation units. So either we
are both misunderstanding Stroustrup or he is incorrect.

        David Schwartz

• Next message: David Schwartz: "Re: ncurses 4.1 security bug"
• Previous message: Ben Laurie: "Re: ncurses 4.1 security bug"
• In reply to: Ben Laurie: "Re: ncurses 4.1 security bug"
• Next in thread: Geoffrey KEATING: "Re: ncurses 4.1 security bug"