Issue Details

Number

31272

Title

RFC: Adopt C++ Safe Buffers?

Description

C++ is unsafe, meaning that any code written in it may cause undefined behavior at runtime. One possible source of undefined behavior is out-of-range memory access. While some limited compiler warnings exist to detect some obvious cases, tracking down out-of-range memory access is usually done at runtime with debugging tools such as Valgrind or Asan. However, such tools can normally not be used in production, because they are not hardening tools, see https://stackoverflow.com/a/70004411/2084795. Some C++ standard libraries provide options to enable a hardened build, which can also be used in production, see https://libcxx.llvm.org/Hardening.html. However, this requires using the standard library containers or primitives to represent buffers. For example, instead of using a raw C-array, `std::array` should be preferred. Also, instead of using a raw C-pointer, `std::span` should be preferred. My understanding is that only libc++ offers such a hardened build right now, so the benefit would be limited. Also, the required patch is large-ish. However, I think it would be good to keep this hardening feature in mind and use `std::array` and `std::span` for new code. Possibly in the future, those can be enforced. `std::array` via https://clang.llvm.org/extra/clang-tidy/checks/modernize/avoid-c-arrays.html and `std::span` (really all buffer representations) via `-Wunsafe-buffer-usage` https://clang.llvm.org/docs/SafeBuffers.html.

URL

https://github.com/bitcoin/bitcoin/issue/31272

Closed by

Notes

Attention of

Kill Factor (1-10)

Save

Back to List