Date: Mon, 17 Feb 2025 10:41:57 +0000
What you are describing is known to every developer that is learning how to code; it has been there for over 30 years.
In fact, this is not exclusive to C++; it’s been a thing in programming since before you were born.
Wouldn’t you think if it was such a security risk as you claim, that developers wouldn’t have patched that by now?
Or is it rather more likely that we know something you don’t?
From: Amit <amitchoudhary0523_at_[hidden]>
Sent: Monday, February 17, 2025 11:10 AM
To: Tiago Freire <tmiguelf_at_[hidden]>
Cc: std-discussion_at_[hidden]pp.org; Jan Schultke <janschultke_at_[hidden]>
Subject: Re: [std-discussion] C++ language has a big security hole.
I don't know. I am not a hacker. I am just saying that maybe hackers know or maybe not.
But I can definitely mess up any object. So, data is not quite safe in C++ as it has been advertised.
"Private variables in a C++ class can't be accessed directly" is a very popular statement.
Regards,
Amit
On Mon, Feb 17, 2025, 3:29 PM Tiago Freire <tmiguelf_at_[hidden]> wrote:
How?
From: Std-Discussion <std-discussion-bounces_at_[hidden]> On Behalf Of Amit via Std-Discussion
Sent: Monday, February 17, 2025 10:54 AM
To: Jan Schultke <janschultke_at_[hidden]>
Cc: Amit <amitchoudhary0523_at_gmail.com>; std-discussion_at_[hidden]
Subject: Re: [std-discussion] C++ language has a big security hole.
In all C++ object layouts, I have seen that members follow the previous one as in a C structure.
My main point is that hackers/bad people can take advantage of this.
Regards,
Amit
On Mon, Feb 17, 2025, 3:17 PM Jan Schultke <janschultke_at_[hidden]> wrote:
Your code has undefined behavior because you cannot obtain your j_ptr
by doing i_ptr + 1. A past-the-end pointer is not a pointer to the
next member.
However, the example is correct without j_ptr. It is possible to
obtain a pointer to the first member of a standard-layout class such
as MyClass, even if that member is private.
I wouldn't really call it a security hole. The only way you will do
this in idiomatic C++ code is with reinterpret_cast, and
reinterpret_cast is a giant red flag which says "I'm an expert, I know
what I'm doing, and what I'm doing is potentially dangerous". This
never happens by accident.
Received on 2025-02-17 10:42:00
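Added example, not part of the thread and not the code that was originally posted: a sketch of the case Jan Schultke describes, where the first member of a standard-layout class is reached through `reinterpret_cast`, with a non-standard-layout class for contrast. The `MyClass` definition, its member names and the helper functions are assumptions constructed for illustration.

```cpp
#include <cstdio>
#include <type_traits>

// Constructed stand-in for the thread's MyClass (the original code is not
// shown on this page): two private ints, no virtual functions, no bases.
class MyClass {
public:
    MyClass(int i, int j) : i_(i), j_(j) {}
    int sum() const { return i_ + j_; }
private:
    int i_;
    int j_;
};

// The first-member guarantee holds only for standard-layout classes.
static_assert(std::is_standard_layout<MyClass>::value,
              "MyClass must be standard-layout");

// Well-defined: a standard-layout object is pointer-interconvertible with
// its first non-static data member, whatever that member's access level.
int read_first_member(MyClass& obj) {
    int* i_ptr = reinterpret_cast<int*>(&obj);
    return *i_ptr;
}

void overwrite_first_member(MyClass& obj, int value) {
    *reinterpret_cast<int*>(&obj) = value;
}

// Deliberately absent: dereferencing i_ptr + 1 to reach j_. That pointer is
// past-the-end of i_, not a pointer to j_, so using it is undefined behavior.

// Contrast: a virtual function makes the class non-standard-layout, and the
// first-member guarantee no longer applies to it.
class Polymorphic {
public:
    virtual ~Polymorphic() = default;
    int get() const { return i_; }
private:
    int i_ = 0;
};
static_assert(!std::is_standard_layout<Polymorphic>::value,
              "Polymorphic is not standard-layout");

int main() {
    MyClass m(7, 35);
    std::printf("first member: %d\n", read_first_member(m));
    overwrite_first_member(m, 100);
    std::printf("sum after overwrite: %d\n", m.sum());
    return 0;
}
```

Access specifiers are checked by the compiler against names, not enforced on memory at run time, so the practical control is code review: every `reinterpret_cast` in a code base is a site to audit.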