std-proposals

Re: [std-proposals] [[packed]] std::unaligned

From: Thiago Macieira <thiago_at_[hidden]>
Date: Wed, 20 Dec 2023 09:41:34 -0300
On Tuesday, 19 December 2023 16:33:36 -03 Jason McKesson via Std-Proposals
wrote:
> > 'private' and 'protected' are useful, in particular when it comes to
> > SFINAE.
> >
> > But even though I have a lock on the front door of my house, I have a
> > key for it hidden nearby. It's not bad practice to provide a way to
> > circumvent a system in unusual circumstances.
>
> It is if you have a sign pointing everyone to the key.

Worse, it's a sign that everyone would have as a requirement for their houses.

I agree with the metaphor, not with the conclusion: it's equivalent to having
a workaround for weird conditions, especially for writing debugging code. But
not a standard one: everyone can design their own and invent their own
mechanism to protect from abuse.

For example, for Qt, QObjectPrivate::get() takes a QObject pointer and returns
the QObjectPrivate pointer that is inside, thus allowing any arbitrary code
that can #include <private/qobject_p.h> to get the QObjectPrivate for any
QObject, and thus also static_cast that to a descendant class.

Our defence mechanism is that the qobject_p.h header has the "We mean it"
comment.

// W A R N I N G
// -------------
//
// This file is not part of the Qt API. It exists for the convenience
// of qapplication_*.cpp, qwidget*.cpp and qfiledialog.cpp. This header
// file may change from version to version without notice, or even be removed.
//
// We mean it.

An extra protection I have developed but never pushed is to use the ELF
version to tag everything that includes these headers.

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
   Software Architect - Intel DCAI Cloud Engineering

Received on 2023-12-20 12:41:37
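
The accessor pattern described in the message above, as an added example that is not part of the original e-mail and is not Qt's code. It is a simplified single-file model: the names Object, Widget, ObjectPrivate, WidgetPrivate and debug_force_width are hypothetical, and the public header, private header and implementation file are shown as commented sections.

```cpp
// Added illustration, not Qt source. Object/Widget and their *Private
// classes are hypothetical stand-ins for the QObject/QObjectPrivate pair.
#include <cstdio>
#include <memory>
#include <string>
// ---- object.h: the public header ordinary users include ----
class ObjectPrivate;                        // opaque to public-API users
class Object {
public:
    Object();
    virtual ~Object();
    std::string name() const;
protected:
    explicit Object(ObjectPrivate *d);      // subclasses pass a derived private
    std::unique_ptr<ObjectPrivate> d_ptr;
    friend class ObjectPrivate;
};
class Widget : public Object {
public:
    Widget();
    int width() const;
};

// ---- object_p.h: the "not part of the API, we mean it" header ----
class ObjectPrivate {
public:
    virtual ~ObjectPrivate() = default;
    std::string name = "unnamed";
    // Escape hatch: whoever includes this header can reach any object's internals.
    static ObjectPrivate *get(Object *o) { return o->d_ptr.get(); }
};
class WidgetPrivate : public ObjectPrivate {
public:
    int width = 100;
    // ...and static_cast the result to a descendant private class.
    static WidgetPrivate *get(Widget *w) { return static_cast<WidgetPrivate *>(ObjectPrivate::get(w)); }
};

// ---- object.cpp ----
Object::Object() : d_ptr(new ObjectPrivate) {}
Object::Object(ObjectPrivate *d) : d_ptr(d) {}
Object::~Object() = default;
std::string Object::name() const { return d_ptr->name; }
Widget::Widget() : Object(new WidgetPrivate) {}
int Widget::width() const { return static_cast<WidgetPrivate *>(d_ptr.get())->width; }

// ---- debugging code that opted in by including object_p.h ----
int debug_force_width(Widget &w, int px) { WidgetPrivate::get(&w)->width = px; return w.width(); }
int main() { Widget w; std::printf("%d\n", debug_force_width(w, 7)); }
```

Nothing in the language stops the last function from compiling; the only gate is the decision to include the private header, which is why the header's warning comment carries the whole defence.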