Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Academic research on vulnerable c++ code snippet #11

Open
JafarAkhondali opened this issue Jun 9, 2019 · 1 comment
Open

Academic research on vulnerable c++ code snippet #11

JafarAkhondali opened this issue Jun 9, 2019 · 1 comment

Comments

@JafarAkhondali
Copy link

Dear Vangelis,
We are a group of Academic researchers. We are analyzing vulnerable C++ code snippets migrated from StackOverflow to GitHub. Our research will be published in Academic publications and will not be used in any Industrial application.
We noted a vulnerable code snippet in your repository that was most likely copied from Stack Overflow. The vulnerability exists in this source code file of your repository.

Please verify our report here with regards to the above vulnerability to assist you.
Link to report with four questions for you related to the vulnerability (should not take more than 5 minutes to answer).

Here is a summary of the vulnerable code snippet:

Description:

This answer implements an custom allocator and hacks standard vector class. It's not a good practice to modify standard C++ headers ( or in any other programming language) since it'll result in compilation error in other platforms, undefined behaviours and bugs, problems in newer language compiler and ... .

Mitigation:

#include <vector>
#include <boost/align/aligned_allocator.hpp>
template <typename T>
using aligned_vector = std::vector<T, boost::alignment::aligned_allocator<T, 16>>;

From this answer

Please verify our report here with regards to the above vulnerability to assist you.
Link to report with four questions for you related to the vulnerability (should not take more than 5 minutes to answer).

Sincerely yours,
Morteza Verdi, Shiraz university, E-mail: [email protected]
Jafar Akhondali, Shiraz university, E-mail: [email protected]
Ashkan Sami, Shiraz university, E-mail: [email protected]
Foutse Khomh, Polytechnique Montreal, E-mail: [email protected], website: http://www.khomh.net/
Gias Uddin, Polytechnique Montreal, E-mail: [email protected], website: https://giasuddin.github.io
Alireza Karami motlagh, Shahid Chamran University, E-mail: [email protected]
@JafarAkhondali
Copy link
Author

Hi,
Looks like you didn't complete the survey, can you finish it up?
It would take less than 5 minutes.
Thanks again.
Link to report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JafarAkhondali