[AGENT++] src/asn1.cpp:386:5: error: ISO C++17 does not allow 'register' storage class specifier
Isaac Nickaein
nickaein.i at gmail.com
Thu Sep 6 01:04:45 CEST 2018
Hi Frank,
> I do not know which code you are quoting, but it is not the latest SNMP++ version. It has not “register” modifier in any variable definition.
You are correct. This has been resolved in latest SNMP++ library.
Apparently Calus and me were both on an older versions with same
issue.
> In addition, the memory allocation issues are caused by the Openssl version you are using or send the Openssl team . Maybe you should upgrade this library?
Two instances of the discussed issue is inside "auth_priv.cpp" file in
"AuthSHABase::auth_out_msg" method, where two arrays are allocated to
auto_ptr:
std::auto_ptr<unsigned char> ipad(new unsigned char[block_size]);
std::auto_ptr<unsigned char> opad(new unsigned char[block_size]);
I am not aware whether this file/method is related to SNMP++ or OpenSSL.
Nevertheless, this usage is not strictly "correct" since the
"auto_ptr" will call "delete" instead of "delete[]" for destruction,
which by C++ standard is undefined behavior.
However, it seems that calling delete on arrays of primitive type is
still "fine" and practically doesn't do any harm:
https://stackoverflow.com/a/6953502/161640
So in a nutshell, a memory leak is probably not happening in this scenario.
> From my point of view it is not helpful to criticise historic or self modified code.
I agree. There is no doubt that Agent++ is stable and reliable
library. I personally haven't seen any major issues in using it in
production ever since.
Nevertheless, there could be always some bugs that remain undetected
(e.g. heartbleed in OpenSSL), these tools could help to detect those
bugs.
The goal I am hoping in discussions are that no room is left for
improving the reliability and safety.
> Analysing false alarms is more work than you might think and the time it consumes
> blocks us from actually improving the source code.
> Any bug report is welcome, but a minimum of quality check should be done be the reporter (and commenter) beforehand.
Well said. Sorry on my part for not checking these with the latest release.
Cheers,
Isaac
More information about the AGENTPP
mailing list