[ https://issues.apache.org/jira/browse/THRIFT-1687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16547881#comment-16547881 ]
James E. King III commented on THRIFT-1687: ------------------------------------------- I would prefer to see us build on linux and on windows with "warnings as errors" to catch these issues, and then liberally apply `boost::numeric_cast<>` to resolve them. > Use Microsoft SafeInt (or reasonable alternative) to protect against integer > arithmetic attacks > ----------------------------------------------------------------------------------------------- > > Key: THRIFT-1687 > URL: https://issues.apache.org/jira/browse/THRIFT-1687 > Project: Thrift > Issue Type: Improvement > Components: C++ - Library > Affects Versions: 0.8, 0.9 > Environment: This is a concern on all OSes. Microsoft SafeInt works > on the major desktop OSes. > Reporter: Ben Craig > Priority: Major > Original Estimate: 72h > Remaining Estimate: 72h > > There are a lot of scary casts and integer truncations in the C++ Thrift > library. Microsoft has a template class that will throw an exception when > any kind of integer overflow has happened ( http://safeint.codeplex.com/ ). > SafeInt is released under the Microsoft Public License, which ASF has deemed > suitable as a dependency for Apache products ( > http://www.apache.org/legal/resolved.html#category-a ). -- This message was sent by Atlassian JIRA (v7.6.3#76005)