Secure Coding mailing list archives

Why Shouldn't I use C++?


From: rcs at cert.org (Robert C. Seacord)
Date: Wed, 01 Nov 2006 05:15:30 -0500

Ben,

I would not go so far as to say never use C++.  It is probably the most
powerful and expressive commercially successful programming language
available today and there are often good reasons to use the language.

Secure programming in C++ is possible, but C++ itself is exceptionally
complex, has many idiosyncrasies, and as a result it is very easy to
make mistakes in the language.  Because of these factors, many C++
experts recommend an idiomatic approach to C++ where basically you reuse
snippets of code that do something akin to what you are after.  The
message here, of course, is that you are likely to mess up if you write
some "new code" which has not been thoroughly considered by a panel of
experts for many years. 8^)

> If you use the STL containers and follow basic good
> programming practices of C++ instead of using C-Arrays and pointer
> arithmetic then the unsafe C features are no longer an issue?

See
https://www.securecoding.cert.org/confluence/display/cplusplus/13.+STL+%28STL%29
for common security flaws involving the STL.

See
https://www.securecoding.cert.org/confluence/display/cplusplus/10.+Basic+string+class+%28BSC%29
for common security flaws involving basic_string (which also functions
as an STL sequence container).

Integer related security problems are basically the same for both C and C++.

> C and C++ are very different. Using C++ like C is arguably unsafe, but when
> it's used as it was intended can't C++ too be considered for secure
> programming?

I'll agree with you that using C++ in an idiomatic fashion is safer than
using it like C.  One of the things you will note through the
www.securecoding.cert.org web site is that many of the problems for C
programming language also exist for C++, but the solutions are different
because C++ offers better/different options.  But you need to know to
use these, you have to be aware of the new problems that C++ brings, and
you often need to use C features to interact with existing libraries.

Hope this (partial) explanation helps somewhat.

rCs
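The points in this message (bounds-unchecked access surviving inside STL containers, pitfalls that are new to C++, integer problems shared with C, and the need to fall back to C features at library boundaries) can be illustrated with a small C++ example. This code is added here as an illustration and is not part of the original message nor taken from the CERT C++ secure coding site; every function name in it is an assumption made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// 1. Bounds: vector::operator[] does not check the index (an out-of-range
//    index is undefined behaviour, exactly like a C array), while
//    vector::at() throws. Using at() turns a silent overread into an
//    exception the caller can handle.
int sum_first_n(const std::vector<int>& v, std::size_t n) {
    int total = 0;
    for (std::size_t i = 0; i < n; ++i) {
        total += v.at(i);  // throws std::out_of_range instead of reading past the end
    }
    return total;
}

// Reports whether an out-of-range request is caught rather than silently read.
bool out_of_range_is_caught(const std::vector<int>& v, std::size_t n) {
    try {
        (void)sum_first_n(v, n);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// 2. A problem C++ brings: erase() invalidates the erased iterator, so the
//    classic "for (it ...) if (...) v.erase(it);" loop is undefined
//    behaviour. Continue from the iterator erase() returns instead.
std::vector<int> remove_negatives(std::vector<int> v) {
    for (auto it = v.begin(); it != v.end();) {
        if (*it < 0) {
            it = v.erase(it);  // erase() returns the iterator to the next element
        } else {
            ++it;
        }
    }
    return v;
}

// 3. Integers: the same in C and C++. count * elem_size wraps silently for
//    size_t; check before multiplying, which is what a hand-rolled malloc()
//    size computation often omits.
bool buffer_size_fits(std::size_t count, std::size_t elem_size) {
    return elem_size == 0 || count <= SIZE_MAX / elem_size;
}

std::size_t checked_buffer_bytes(std::size_t count, std::size_t elem_size) {
    if (!buffer_size_fits(count, elem_size)) {
        throw std::overflow_error("buffer size would wrap around");
    }
    return count * elem_size;
}

// 4. basic_string at the C boundary: std::string may hold embedded NULs, and
//    c_str() is only valid until the next modification. Copy the bytes into
//    a buffer you own, and refuse strings a C API would silently truncate.
bool safe_for_c_string(const std::string& s) {
    return s.find('\0') == std::string::npos;
}

std::vector<char> to_c_buffer(const std::string& s) {
    if (!safe_for_c_string(s)) {
        throw std::invalid_argument("string contains an embedded NUL");
    }
    std::vector<char> buf(s.begin(), s.end());
    buf.push_back('\0');  // explicit terminator for the C side
    return buf;
}

// Length as a C API (strlen) would see it after the copy.
std::size_t c_visible_length(const std::string& s) {
    std::vector<char> buf = to_c_buffer(s);
    return std::strlen(buf.data());
}

int main() {
    std::printf("sum of first 2: %d\n", sum_first_n({1, 2, 3}, 2));
    std::printf("out-of-range caught: %s\n",
                out_of_range_is_caught({1, 2, 3}, 5) ? "yes" : "no");
    std::printf("bytes for 16 x 4: %zu\n", checked_buffer_bytes(16, 4));
    std::printf("SIZE_MAX x 2 fits: %s\n", buffer_size_fits(SIZE_MAX, 2) ? "yes" : "no");
    std::printf("C sees %zu bytes of \"abc\"\n", c_visible_length("abc"));
    std::printf("\"ab\\0cd\" safe for C: %s\n",
                safe_for_c_string(std::string("ab\0cd", 5)) ? "yes" : "no");
    return 0;
}
```

Each section pairs one of the message's claims with the check a reviewer would look for: `at()` where an index comes from untrusted input, the returned iterator after `erase()`, an overflow check before any size arithmetic, and an explicit copy plus embedded-NUL check before handing a `std::string` to a C library.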