Re: Blog: C++ Code Smells

Problem: The "security bulletin" you link to (which is not the bulletin but
Michael's discussion of it) is bogus. And so are the conclusions about code
smell, in both Michael's post and your own.

It says:
<quote>
I contend that this would be very difficult to spot in a code review, and is
not picked up by the C/C++ compiler owing to the (void*) cast. If the cast
is removed, the compiler issues an error like this:

C2664: '<function>' : cannot convert parameter 1 from 'BYTE **' to 'BYTE *'
</quote>

The compiler would never generate that message, because the actual parameter
type is void* not BYTE*. There is an implicit conversion from BYTE** to
void*. It is legal to serialize a pointer to/from a stream (the utility is
somewhat questionable, but it could make sense under certain circumstances,
especially with based pointers).

Also if the parameter were actually BYTE*, the explicit cast to void would
create an error (in C++, void* does not implicitly cast to anything, and the
code snippet is definitely C++ and not C). In fact it would generate the
error regardless of the actual type and even when there is no extra &.
Plus, if the parameter were typed as BYTE*, it would be impossible to use
the API without an explicit cast.

So I agree with your conclusions about preferring C++ template-style casts
over C-style. But the rest of the discussion is not grounded in reality.

And I find it amusing that the comments to Michael's post include a "safe"
version of the code which contains the same error.
http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx#9855313

"Richard" <legalize+jeeves@mail.xmission.com> wrote in message
news:#c#zZPoEKHA.1540@TK2MSFTNGP02.phx.gbl...


__________ Information from ESET NOD32 Antivirus, version of virus signature database 4298 (20090802) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com