[
https://issues.apache.org/jira/browse/THRIFT-1687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16547881#comment-16547881
]
James E. King III commented on THRIFT-1687:
-------------------------------------------
I would prefer to see us build on linux and on windows with "warnings as
errors" to catch these issues, and then liberally apply `boost::numeric_cast<>`
to resolve them.
> Use Microsoft SafeInt (or reasonable alternative) to protect against integer
> arithmetic attacks
> -----------------------------------------------------------------------------------------------
>
> Key: THRIFT-1687
> URL: https://issues.apache.org/jira/browse/THRIFT-1687
> Project: Thrift
> Issue Type: Improvement
> Components: C++ - Library
> Affects Versions: 0.8, 0.9
> Environment: This is a concern on all OSes. Microsoft SafeInt works
> on the major desktop OSes.
> Reporter: Ben Craig
> Priority: Major
> Original Estimate: 72h
> Remaining Estimate: 72h
>
> There are a lot of scary casts and integer truncations in the C++ Thrift
> library. Microsoft has a template class that will throw an exception when
> any kind of integer overflow has happened ( http://safeint.codeplex.com/ ).
> SafeInt is released under the Microsoft Public License, which ASF has deemed
> suitable as a dependency for Apache products (
> http://www.apache.org/legal/resolved.html#category-a ).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
