You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code in args-parser.h is quite unsafe, as it is very easy to specify incorrect types (e.g.TYPE_INT) when using it.
Indeed, this already is the case in lots pf places throughout your codebase: You use TYPE_INT but pass a pointer to a variable of type size_t. But on many systems (e.g. Linux and OS X in 64bit mode) an int is 4 bytes while a size_t is 8 bytes. Now, if the variable that was passed in has its upper bytes cleared, and you are running ona little endian machine, that happens to work right; but in general, it wont'.
At the very least, it would be good to audit all existing uses of the function, to verify the pointers being passed in match the TYPE_FOO specifier. Better would be of course if this was automatically verified. Either by rewriting the existing code (one quick idea that comes to mind is to replace the naive Argument[] array by a std::vector<Argument>, and change `Argument to a proper class, with multiple constructors for the different types; that should get rid of the need to explicitly specify a TYPE_FOO value, too). Or switch to an existing robuse C++ argument parser library (e.g. https://github.com/jarro2783/cxxopts, http://optionparser.sourceforge.net/ or some part of Boost).
The text was updated successfully, but these errors were encountered:
The code in args-parser.h is quite unsafe, as it is very easy to specify incorrect types (e.g.TYPE_INT) when using it.
Indeed, this already is the case in lots pf places throughout your codebase: You use TYPE_INT but pass a pointer to a variable of type
size_t
. But on many systems (e.g. Linux and OS X in 64bit mode) an int is 4 bytes while asize_t
is 8 bytes. Now, if the variable that was passed in has its upper bytes cleared, and you are running ona little endian machine, that happens to work right; but in general, it wont'.At the very least, it would be good to audit all existing uses of the function, to verify the pointers being passed in match the TYPE_FOO specifier. Better would be of course if this was automatically verified. Either by rewriting the existing code (one quick idea that comes to mind is to replace the naive
Argument[]
array by astd::vector<Argument>
, and change `Argument to a proper class, with multiple constructors for the different types; that should get rid of the need to explicitly specify a TYPE_FOO value, too). Or switch to an existing robuse C++ argument parser library (e.g. https://github.com/jarro2783/cxxopts, http://optionparser.sourceforge.net/ or some part of Boost).The text was updated successfully, but these errors were encountered: