LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Highlights from the PostgreSQL 9.2 beta

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

C style code in C++

C style code in C++

Posted Sep 9, 2005 21:56 UTC (Fri) by lordsutch (subscriber, #53)
In reply to: C style code in C++ by djrom
Parent article: A new Firefox buffer overflow

Indeed:

Don't use C++ standard library features, including iostream

Using C++ standard library features involves significant portability problems because newer compilers require the use of namespaces and of headers without .h, whereas older compilers require the opposite. This includes iostream features, such as cin and cout.

Furthermore, using the C++ standard library imposes difficulties on those attempting to use Mozilla on small devices.

There is one exception to this rule: it is acceptable to use placement new. To use it, include the standard header <new> by writing #include NEW_H.

(Log in to post comments)

C style code in C++

Posted Sep 9, 2005 23:03 UTC (Fri) by JoeBuck (subscriber, #2330) [Link]

That's just broken. The C++ standard has been official for 7 years now, and the problems described in your quote are largely a thing of the past.

But even before that, it was not hard to write portability layers to hide such problems, and opportunities for buffer overflows, leaks, and heap corruption are greatly reduced if standard STL classes (such as std::vector) are used instead of fixed-length buffers or arrays allocated by malloc or new.

Using C++ and standard classes gives you fewer buffer overflows than you'll get with C; using C++ without standard classes will give you more ways to shoot yourself in the foot, and more crashes and security holes.

C style code in C++

Posted Sep 10, 2005 14:35 UTC (Sat) by khim (guest, #9252) [Link]

The C++ standard has been official for 7 years now

And... ? What does this mean exactly. We still are using test with question "How many ANSI C++ compatible compilers can you name ?". Evaluation: minus five points per named compiler.

Situation with C++ is total mess: C++ standard is official for 7 years now but there are no ANSI C++ compatible compilers. Not even single one. Some are just plain broken (do not support namespaces or something), some will crash on template-heavy code, some have incompatible STL, etc.

C style code in C++

Posted Sep 10, 2005 20:50 UTC (Sat) by nix (subscriber, #2304) [Link]

If you ignore `export' (not a brilliant move on the committee's part IMHO), a significant number of compilers are close to standards-compliance: close enough that a *lot* of other software uses the STL and friends without trouble, and has for years.

C style code in C++

Posted Sep 12, 2005 9:38 UTC (Mon) by ajf (subscriber, #10844) [Link]

That's just broken. The C++ standard has been official for 7 years now, and the problems described in your quote are largely a thing of the past.

Well, the document quoted has been on mozilla.org since the project was released (so it may well be based on an internal Netscape document that's even older). Hey, that's 7 years ago too!

They probably could update it to take advantage of improvements in compilers since then. All they would need to do is divert time and resources away from developing Mozilla — you know, the reason they exist, that's all — to test compatibility with all the compilers they still care to support.

Can you be so smugly sure that it would be worth it?

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds