[cfe-dev] [libc++] gets removed from C11
Jeffrey Walton
noloader at gmail.com
Mon Jul 1 17:50:36 PDT 2013
On Mon, Jul 1, 2013 at 7:55 PM, Richard Smith <richard at metafoo.co.uk> wrote:
> On Mon, Jul 1, 2013 at 4:10 PM, Howard Hinnant <hhinnant at apple.com> wrote:
>> On Jul 1, 2013, at 1:56 AM, Richard Smith <richard at metafoo.co.uk> wrote:
>>
>>> ...
> gets should not disappear if <stdio.h> is included in C++98 or C++11
> mode. If it does, that's a bug; it isn't platforms slowly adopting a
> feature. glibc had that bug for two months (as far as I can tell, it
> never made it into a glibc release), and have already fixed it:
>
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c6e013c15e0091edc49affd6ce26562845000dcd
>
> Punishing all platforms for a glibc bug which is already fixed (and
> was never in a glibc release) doesn't seem reasonable, not matter how
> bad we all agree "gets" is.
Does that include C11 Annex K's Bounds Checking Interfaces (ISO/IEC TR
24731-1 and friends)?
If memory serves, me, one of the libc maintainers did not incorporate
them because he felt they were "horribly inefficient BSD crap." He
also felt developers should "learn to use the existing functions
properly [sic]."
We were recently reminded what happens in that case: tens to hundreds
of millions of embedded devices (mobile devices, home routers and
gateways, et al) with security related defects (some of which will
never be patched). Confer: CVE-2012-5959, CVE-2012-5960,
CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964,
CVE-2012-5965 – collectively known as “libupnp Multiple Buffer
Overflow Vulnerabilities."
Jeff
More information about the cfe-dev
mailing list