Bugtraq mailing list archives
Re: ncurses 4.1 security bug
From: davids () WEBMASTER COM (David Schwartz)
Date: Sat, 11 Jul 1998 13:13:27 -0400
Why is C++ bashing so popular? Why can't people get it right? According to Stroustrup, The C++ Programming Language, 3rd ed., section 9.4.1 Initialization of Nonlocal Variables, p.218 (in the 3rd printing): "Note that variables initialized by constant expressions cannot depend on the value of objects from other translation units and do not[1] require run-time initialization. Such variables are therefore safe to use in all cases." [1] The word "not" was missing until the 6th printing (see the errata).
I believe this is a false statement and that the code I posted to bugtraq before constitutes a counter-example. Consider the following variable initialized by a constant expression: MyString Foo("test"); 'Foo' is a variable. '"test"' is a constant expression. Now, Stroustrup claims that this "cannot depend on the value of objects from other translation units." Consider the following object from another translation unit: int MyString::StringCount=0; And consider the following constructor: MyString(const char *) { StringCount++; .... }; Now, here you see that a variable initialized by a constant expression CAN depend on the value of objects from other translation units. So either we are both misunderstanding Stroustrup or he is incorrect. David Schwartz
Current thread:
- Re: Forwared to me, (continued)
- Re: Forwared to me Jason Downs (Jul 13)
- Re: Forwared to me Illuminatus Primus (Jul 13)
- Netware 4.x Attack Tool Announcement Simple Nomad (Jul 13)
- Re: ncurses 4.1 security bug Casper Dik (Jul 09)
- Re: ncurses 4.1 security bug Pavel Kankovsky (Jul 09)
- Re: ncurses 4.1 security bug Matt Evans (Jul 09)
- Re: ncurses 4.1 security bug Warner Losh (Jul 10)
- inetd can leak file descriptors +FIX Jeff Forys (Jul 14)
- Re: ncurses 4.1 security bug Alexander Kjeldaas (Jul 15)
- Re: ncurses 4.1 security bug Warner Losh (Jul 10)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 11)
- Re: ncurses 4.1 security bug David Schwartz (Jul 11)
- Re: ncurses 4.1 security bug Geoffrey KEATING (Jul 14)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 11)
- Re: ncurses 4.1 security bug David Schwartz (Jul 11)
- Re: ncurses 4.1 security bug Ben Laurie (Jul 12)