[ https://issues.apache.org/jira/browse/THRIFT-1687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14933863#comment-14933863 ]

James E. King, III commented on THRIFT-1687:
--------------------------------------------

clang is pretty good at finding these issues as well - the ones where casts 
haven't been applied that is...

> Use Microsoft SafeInt (or reasonable alternative) to protect against integer 
> arithmetic attacks
> -----------------------------------------------------------------------------------------------
>
>                 Key: THRIFT-1687
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1687
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Library
>    Affects Versions: 0.8, 0.9
>         Environment: This is a concern on all OSes.  Microsoft SafeInt works 
> on the major desktop OSes.
>            Reporter: Ben Craig
>   Original Estimate: 72h
>  Remaining Estimate: 72h
>
> There are a lot of scary casts and integer truncations in the C++ Thrift 
> library.  Microsoft has a template class that will throw an exception when 
> any kind of integer overflow has happened ( http://safeint.codeplex.com/ ).  
> SafeInt is released under the Microsoft Public License, which ASF has deemed 
> suitable as a dependency for Apache products ( 
> http://www.apache.org/legal/resolved.html#category-a ).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
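
The truncation risk described in the issue, next to a throwing conversion, as an added example that is not code from Thrift or from SafeInt. `checked_cast`, `frame_size_unchecked`, `frame_size_checked` and `rejects` are hypothetical names, and the 64-bit length field is a constructed scenario.

```cpp
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <type_traits>

// Hypothetical helper: convert between integer types and throw instead of
// silently truncating or flipping the sign.
template <typename To, typename From>
To checked_cast(From value) {
  static_assert(std::is_integral<To>::value && std::is_integral<From>::value,
                "checked_cast is for integer types only");
  const To result = static_cast<To>(value);
  // The value must survive a round trip, and its sign must not change.
  const bool round_trips = static_cast<From>(result) == value;
  const bool same_sign = (result < To(0)) == (value < From(0));
  if (!round_trips || !same_sign) {
    throw std::range_error("integer conversion loses data");
  }
  return result;
}

// Constructed scenario: a 64-bit length narrowed to a 32-bit buffer size.
// The plain cast keeps only the low 32 bits of the length.
uint32_t frame_size_unchecked(int64_t wire_len) {
  return static_cast<uint32_t>(wire_len);
}

// The checked form refuses lengths that do not fit in 32 unsigned bits.
uint32_t frame_size_checked(int64_t wire_len) {
  return checked_cast<uint32_t>(wire_len);
}

// True when the checked conversion rejects the given length.
bool rejects(int64_t wire_len) {
  try {
    frame_size_checked(wire_len);
    return false;
  } catch (const std::range_error&) {
    return true;
  }
}

int main() {
  const int64_t oversized = 4294967296LL + 16;  // 2^32 + 16, constructed input
  std::cout << "unchecked: " << frame_size_unchecked(oversized) << "\n";
  std::cout << "checked rejects oversized: " << rejects(oversized) << "\n";
  std::cout << "checked rejects -1: " << rejects(-1) << "\n";
  std::cout << "checked accepts 1024: " << !rejects(1024) << "\n";
  return 0;
}
```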
