Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ncurses 4.1 security bug

From: davids () WEBMASTER COM (David Schwartz)
Date: Sat, 11 Jul 1998 13:13:27 -0400


Why is C++ bashing so popular? Why can't people get it right? According
to Stroustrup, The C++ Programming Language, 3rd ed., section 9.4.1
Initialization of Nonlocal Variables, p.218 (in the 3rd printing):

"Note that variables initialized by constant expressions cannot depend
on the value of objects from other translation units and do not[1]
require run-time initialization. Such variables are therefore safe to
use in all cases."

[1] The word "not" was missing until the 6th printing (see the errata).


        I believe this is a false statement and that the code I posted to bugtraq
before constitutes a counter-example. Consider the following variable
initialized by a constant expression:

        MyString Foo("test");

        'Foo' is a variable. '"test"' is a constant expression. Now, Stroustrup
claims that this "cannot depend on the value of objects from other
translation units." Consider the following object from another translation
unit:

        int MyString::StringCount=0;

        And consider the following constructor:

        MyString(const char *)
        {
         StringCount++;
         ....
        };

        Now, here you see that a variable initialized by a constant expression CAN
depend on the value of objects from other translation units. So either we
are both misunderstanding Stroustrup or he is incorrect.

        David Schwartz
Previous By Date Next
Previous By Thread Next

Current thread: