[ https://issues.apache.org/jira/browse/THRIFT-1687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14933863#comment-14933863 ]
James E. King, III commented on THRIFT-1687:
--------------------------------------------

clang is pretty good at finding these issues as well - the ones where casts haven't been applied that is...

> Use Microsoft SafeInt (or reasonable alternative) to protect against integer arithmetic attacks
> -----------------------------------------------------------------------------------------------
>
> Key: THRIFT-1687
> URL: https://issues.apache.org/jira/browse/THRIFT-1687
> Project: Thrift
> Issue Type: Improvement
> Components: C++ - Library
> Affects Versions: 0.8, 0.9
> Environment: This is a concern on all OSes. Microsoft SafeInt works on the major desktop OSes.
> Reporter: Ben Craig
> Original Estimate: 72h
> Remaining Estimate: 72h
>
> There are a lot of scary casts and integer truncations in the C++ Thrift
> library. Microsoft has a template class that will throw an exception when
> any kind of integer overflow has happened ( http://safeint.codeplex.com/ ).
> SafeInt is released under the Microsoft Public License, which ASF has deemed
> suitable as a dependency for Apache products (
> http://www.apache.org/legal/resolved.html#category-a ).
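
The silent sign change and wraparound that the issue description worries about, next to a conversion that throws instead, in the spirit of what the issue asks for. This is an added example, not code from Thrift or SafeInt; `checked_cast`, `checked_add`, the `frame_bytes_*` functions and the length-prefixed frame scenario are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <limits>
#include <stdexcept>
#include <type_traits>

// Hypothetical helper (not SafeInt, not Thrift code): integer conversion that
// throws instead of silently truncating or flipping sign.
template <typename To, typename From>
To checked_cast(From v) {
  static_assert(std::is_integral<To>::value && std::is_integral<From>::value,
                "integer types only");
  if (std::is_signed<From>::value && v < 0) {
    // A negative value fits only in a signed target whose minimum is low enough.
    if (!std::is_signed<To>::value ||
        static_cast<std::intmax_t>(v) <
            static_cast<std::intmax_t>(std::numeric_limits<To>::min()))
      throw std::range_error("checked_cast: below target range");
  } else if (static_cast<std::uintmax_t>(v) >
             static_cast<std::uintmax_t>(std::numeric_limits<To>::max())) {
    throw std::range_error("checked_cast: above target range");
  }
  return static_cast<To>(v);
}

// Hypothetical helper: size_t addition that throws instead of wrapping.
inline std::size_t checked_add(std::size_t a, std::size_t b) {
  if (a > std::numeric_limits<std::size_t>::max() - b)
    throw std::overflow_error("checked_add: size_t overflow");
  return a + b;
}

// Plain cast: a negative wire length turns into a huge size_t, then the add wraps.
inline std::size_t frame_bytes_unchecked(std::int32_t wire_len, std::size_t header) {
  return static_cast<std::size_t>(wire_len) + header;
}

// Same computation with both steps checked.
inline std::size_t frame_bytes_checked(std::int32_t wire_len, std::size_t header) {
  return checked_add(checked_cast<std::size_t>(wire_len), header);
}

// True when the checked version refuses the input.
inline bool rejected(std::int32_t wire_len, std::size_t header) {
  try { (void)frame_bytes_checked(wire_len, header); return false; }
  catch (const std::exception&) { return true; }
}

int main() {
  std::cout << frame_bytes_unchecked(-1, 4) << " " << rejected(-1, 4) << "\n";
}
```

With a constructed length of -1 and a 4-byte header, the unchecked version returns 3, a plausible-looking size, while the checked version throws.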