Are not you testing backwards compatibility? why can't checking secure coding guide?

[testcode77]

As a result of the code review, there are very few code changes in 1.03 and 1.04. The compatibility of the minor version update does not seem to be tested and seems to be a problem.

We also frequently use vulnerable functions such as memcpy (). Secure coding guide is not applied.

Is this the main net?

[ghost]

@testcode77 Huge, experimental testnet I think 😂

[testcode77]

EOS uses improper functions such as memcpy(). Low level C type function code that can buffer overflow. Most data types are 'AUTO'. auto type is very slow and Debugging is difficult. It is interesting.

[tbfleming]

• auto doesn't impact runtime; it's one of C++'s 0-overhead abstractions.
• memcpy is the only way to do type punning in ISO C++ without invoking undefined behavior (see the C++ strict aliasing rule). Type punning is necessary to do serialization. There's a non-ISO extension that GCC and Clang support that allows type punning with unions, but it's clumsy and doesn't support all cases.
• 1.04 is running well in the Jungle testnet. Don't jump to conclusions about it being the problem.

If you find a case where memcpy overruns memory in eosio, then report it.