[7238] in bugtraq
Re: ncurses 4.1 security bug
daemon@ATHENA.MIT.EDU (David Schwartz)
Mon Jul 13 12:58:28 1998
Date: Sat, 11 Jul 1998 13:13:27 -0400
Reply-To: David Schwartz <davids@WEBMASTER.COM>
From: David Schwartz <davids@WEBMASTER.COM>
X-To: Ben Laurie <ben@algroup.co.uk>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <35A744E9.7317A812@algroup.co.uk>
> Why is C++ bashing so popular? Why can't people get it right? According
> to Stroustrup, The C++ Programming Language, 3rd ed., section 9.4.1
> Initialization of Nonlocal Variables, p.218 (in the 3rd printing):
>
> "Note that variables initialized by constant expressions cannot depend
> on the value of objects from other translation units and do not[1]
> require run-time initialization. Such variables are therefore safe to
> use in all cases."
>
> [1] The word "not" was missing until the 6th printing (see the errata).
I believe this is a false statement and that the code I posted to bugtraq
before constitutes a counter-example. Consider the following variable
initialized by a constant expression:
MyString Foo("test");
'Foo' is a variable. '"test"' is a constant expression. Now, Stroustrup
claims that this "cannot depend on the value of objects from other
translation units." Consider the following object from another translation
unit:
int MyString::StringCount=0;
And consider the following constructor:
MyString(const char *)
{
StringCount++;
....
};
Now, here you see that a variable initialized by a constant expression CAN
depend on the value of objects from other translation units. So either we
are both misunderstanding Stroustrup or he is incorrect.
David Schwartz
