On 03/05/21 11:06 pm, Jonathan Wakely wrote:
On 03/05/21 22:17 +0200, François Dumont via Libstdc++ wrote:
Is it too early to consider this patch? Or just lack of time?

I haven't had time to review it yet, but my general feeling hasn't
changed. I still don't like the idea of executing additional code
after undefined behaviour is detected. I've been convinced by glibc
folk that every bit of code run when the program state is corrupt
increases the risk that it can be exploited by an attacker.



Ok, I must have missed (or forgotten) this feedback.

Well, isn't it the current situation of the whole _GLIBCXX_DEBUG mode?

For me, the purpose of _GLIBCXX_DEBUG mode is to detect UB situations and to assert _before_ any UB code is run.

Moreover it is optional. This is a feature to use when _GLIBCXX_DEBUG is telling you that you have a problem in your code but you just cannot find where it is called.
