Closed testcode77 closed 6 years ago
@testcode77 Huge, experimental testnet I think 😂
EOS uses improper functions such as memcpy(). Low-level C-type function code that can buffer overflow. Most data types are 'AUTO'. The auto type is very slow and debugging is difficult. It is interesting.
`auto` doesn't impact runtime; it's one of C++'s 0-overhead abstractions.
`memcpy` is the only way to do type punning in ISO C++ without invoking undefined behavior (see the C++ strict aliasing rule). Type punning is necessary to do serialization. There's a non-ISO extension that GCC and Clang support that allows type punning with unions, but it's clumsy and doesn't support all cases.
If you find a case where `memcpy` overruns memory in eosio, then report it.
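Added example, not part of the thread and not eosio code: a sketch of `memcpy`-based type punning in a deserializer, where the length check in front of each copy is what decides whether memory is overrun. `ByteReader`, `read_blob` and `make_record` are hypothetical names, and the sample record is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>

// Hypothetical reader over untrusted bytes; names are illustrative, not eosio's.
class ByteReader {
public:
    ByteReader(const unsigned char* data, std::size_t size) : p_(data), left_(size) {}

    // Type punning via memcpy: well defined for trivially copyable T, unlike
    // *reinterpret_cast<const T*>(p_), which breaks strict aliasing and alignment.
    template <typename T>
    bool read(T& out) {
        static_assert(std::is_trivially_copyable<T>::value, "T must be trivially copyable");
        if (left_ < sizeof(T)) return false;  // truncated input: no over-read
        std::memcpy(&out, p_, sizeof(T));
        p_ += sizeof(T);
        left_ -= sizeof(T);
        return true;
    }

    // Length-prefixed blob. The length comes from the input, so it is checked
    // against both the bytes remaining and the destination capacity before memcpy.
    bool read_blob(unsigned char* dst, std::size_t cap, std::size_t& n) {
        const ByteReader start = *this;  // saved so a failed read consumes nothing
        std::uint32_t len = 0;
        if (!read(len) || len > left_ || len > cap) { *this = start; return false; }
        if (len != 0) std::memcpy(dst, p_, len);
        p_ += len;
        left_ -= len;
        n = len;
        return true;
    }

    std::size_t remaining() const { return left_; }

private:
    const unsigned char* p_;
    std::size_t left_;
};

// Constructed sample: a uint32 length prefix (host byte order) that claims
// `claimed` bytes, followed by only `actual` payload bytes of 0x41.
std::size_t make_record(unsigned char* buf, std::uint32_t claimed, std::size_t actual) {
    std::memcpy(buf, &claimed, sizeof claimed);
    std::memset(buf + sizeof claimed, 0x41, actual);
    return sizeof claimed + actual;
}
```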
As a result of the code review, there are very few code changes in 1.03 and 1.04. The compatibility of the minor version update does not seem to be tested and seems to be a problem.
We also frequently use vulnerable functions such as memcpy(). A secure coding guide is not applied.
Is this the main net?