What you are describing is known to every developer that is learning how to code, it has been there for over 30 years.

In fact, this is not exclusive to C++, it’s been a thing in programming since before you were born.

 

Wouldn’t you think if it was such a security risk as you claim, that developers wouldn’t have patch that by now?

 

Or is it rather more likely that we know something you don’t?

                                                                      

 

 

From: Amit <amitchoudhary0523@gmail.com>
Sent: Monday, February 17, 2025 11:10 AM
To: Tiago Freire <tmiguelf@hotmail.com>
Cc: std-discussion@lists.isocpp.org; Jan Schultke <janschultke@googlemail.com>
Subject: Re: [std-discussion] C++ language has a big security hole.

 

I don't know. I am not a hacker. I am just saying that may be hackers know or may be not.

 

But I can definitely mess up any object. So, data is not quite safe in C++ as it has been advertised.

 

"Private variables in a C++ class can't be accessed directly" is a very popular statement.

 

Regards,

Amit

 

 

On Mon, Feb 17, 2025, 3:29PM Tiago Freire <tmiguelf@hotmail.com> wrote:

How?

 

 

From: Std-Discussion <std-discussion-bounces@lists.isocpp.org> On Behalf Of Amit via Std-Discussion
Sent: Monday, February 17, 2025 10:54 AM
To: Jan Schultke <janschultke@googlemail.com>
Cc: Amit <amitchoudhary0523@gmail.com>; std-discussion@lists.isocpp.org
Subject: Re: [std-discussion] C++ language has a big security hole.

 

In all C++ object layouts, I have seen that members follow the previous one as in a C structure.

 

My main point is that hackers/bad people can take advantage of this.

 

Regards,

Amit

 

 

On Mon, Feb 17, 2025, 3:17PM Jan Schultke <janschultke@googlemail.com> wrote:

Your code has undefined behavior because you cannot obtain your j_ptr
by doing i_ptr + 1. A past the end pointer is not a pointer to the
next member.

However, the example is correct without j_ptr. It is possible to
obtain a pointer to the first member of a standard-layout class such
as MyClass, even if that member is private.

I wouldn't really call it a security hole. The only way you will do
this in idiomatic C++ code is with reinterpret_cast, and
reinterpret_cast is a giant red flag which says "I'm an expert, I know
what I'm doing, and what I'm doing is potentially dangerous". This
never happens by accident.