Date: Mon, 17 Feb 2025 15:39:45 +0530
I don't know. I am not a hacker. I am just saying that may be hackers know
or may be not.
But I can definitely mess up any object. So, data is not quite safe in C++
as it has been advertised.
"Private variables in a C++ class can't be accessed directly" is a very
popular statement.
Regards,
Amit
On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
> How?
>
>
>
>
>
> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
> Behalf Of *Amit via Std-Discussion
> *Sent:* Monday, February 17, 2025 10:54 AM
> *To:* Jan Schultke <janschultke_at_[hidden]>
> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
>
>
> In all C++ object layouts, I have seen that members follow the previous
> one as in a C structure.
>
>
>
> My main point is that hackers/bad people can take advantage of this.
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
> wrote:
>
> Your code has undefined behavior because you cannot obtain your j_ptr
> by doing i_ptr + 1. A past the end pointer is not a pointer to the
> next member.
>
> However, the example is correct without j_ptr. It is possible to
> obtain a pointer to the first member of a standard-layout class such
> as MyClass, even if that member is private.
>
> I wouldn't really call it a security hole. The only way you will do
> this in idiomatic C++ code is with reinterpret_cast, and
> reinterpret_cast is a giant red flag which says "I'm an expert, I know
> what I'm doing, and what I'm doing is potentially dangerous". This
> never happens by accident.
>
>
or may be not.
But I can definitely mess up any object. So, data is not quite safe in C++
as it has been advertised.
"Private variables in a C++ class can't be accessed directly" is a very
popular statement.
Regards,
Amit
On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
> How?
>
>
>
>
>
> *From:* Std-Discussion <std-discussion-bounces_at_[hidden]> *On
> Behalf Of *Amit via Std-Discussion
> *Sent:* Monday, February 17, 2025 10:54 AM
> *To:* Jan Schultke <janschultke_at_[hidden]>
> *Cc:* Amit <amitchoudhary0523_at_[hidden]>; std-discussion_at_[hidden]
> *Subject:* Re: [std-discussion] C++ language has a big security hole.
>
>
>
> In all C++ object layouts, I have seen that members follow the previous
> one as in a C structure.
>
>
>
> My main point is that hackers/bad people can take advantage of this.
>
>
>
> Regards,
>
> Amit
>
>
>
>
>
> On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]>
> wrote:
>
> Your code has undefined behavior because you cannot obtain your j_ptr
> by doing i_ptr + 1. A past the end pointer is not a pointer to the
> next member.
>
> However, the example is correct without j_ptr. It is possible to
> obtain a pointer to the first member of a standard-layout class such
> as MyClass, even if that member is private.
>
> I wouldn't really call it a security hole. The only way you will do
> this in idiomatic C++ code is with reinterpret_cast, and
> reinterpret_cast is a giant red flag which says "I'm an expert, I know
> what I'm doing, and what I'm doing is potentially dangerous". This
> never happens by accident.
>
>
Received on 2025-02-17 10:09:58