-
Notifications
You must be signed in to change notification settings - Fork 443
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.2 ssl_options:on_error string init not recommended #317
Comments
With the STL, raw pointers can be used as iterators. So it calls:
with This is fairly portable across STL containers as most have a constructor using first and last iterators, like:
but I'm not sure of any other containers that take a pointer and a length the way that I would have no problem changing them as the constructor you mention makes as much (or more) sense for the specific usage. But I know of no warnings that claim this as a problem. Could you try to look that up for me? (Thanks) I'm not sure this would come up too often in a pure C++ application, but when interfacing to a C lib, I don't know any way around this type of thing. |
I had suspected the Iterator ctor but was unsure that pointer are taken as iterators, so good info for me. Pointer arithmetic is unsafe, and so not recommended by the safety code guidelines in general, with exception of the pointers on real array as long as managing the out of bounds. You can find recommendations in the ISO C++ Code guidelines by searching "pointer arithmetic" in it. (https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines) This is why it is enforced in the code guidelines that deals with code safety, as in the major MISRAC++08 (obsolete but the current reference), or AUTOSAR C++14 code guidelines that modernize the MISRA-C++08 (or JSF) (in your case the string is handled by a pointer, not as an array, so not compliant) Those rules can be tested with static code checkers (Codesonar, Klockwork...) GCC warnings allows cheking some wrong/implicit conversions but I do nto know if they work for that case: But you'd better use clang-tidy that I never used but perfect for that Some examples from the Codesonar doc (on M5-0-15 like):
} |
Cool. Thanks for the info. I actually guessed you were mainly talking about MISRA or an industrial guideline. Like I said, I have no problem changing this specific case, and I really should remember it when working with string between C and C++, as the ptr/len ctor is actually more obvious and direct. But I do think the idiom of Also, this library is just one giant wrapper around a C lib, and in this interface area, the general C++ rules need to be broken because your interfacing with a different, lower-level API. Other languages like Rust let you (or require you) to mark these sections with an So there's always going to be exceptions. |
Hi, testing integrating the new Paho 1.2, thx for the update!
I checked the new method for the SSL error to replace ours, and I saw something that could give warning as uselessly doing pointer arithmetic (not recommended in modern C++)
Such warning could be enforced by gcc warning option (sorry, not in my mind tonight) or got via some static checker tool.
In ssl_options:on_error()
string errMsg { str, str+len };
Also I am not sure what ctor it uses.
This would be safer to use the simple ctor (ptr, len)
basic_string( const CharT* s,
size_type count,
const Allocator& alloc = Allocator() );
so here:
string errMsg { str, len };
This one do not generate any warning as no pointer arithmetic.
The text was updated successfully, but these errors were encountered: