Attracting Free Flames....
This morning I got a nice list of things to be updated for my Ubuntu 10 system, including this:
I have a history of blasting M$, Adobe and others for their generally lazy approach to bug fixing, and I am a fan of Linux; nevertheless, being fair and trying to be objective is more enlightened than pure fanboyism.
I had a quick look into the most commonly used Free PDF base library and found a few calls to strcat, strcpy and the like. Also, C/C++ is in general an unsafe language, and nobody should assume that he or she will never make a dangerous mistake.
Looking at this code one can see that there exist plenty of potential security problems in all these char* and non-smart-pointer operations. The code generally looks quite good, but I would feel much safer if it used a string library which *always* checks bounds.
PDF has been known to be used as an attack vector by Chinese intelligence operating against dissidents/separatists, and what the Chinese can do, anybody else (let's say Pullach, Tel Aviv, Moscow, Rome, Paris, Langley) can do, too.
Even in the free software world there are very few commonly accepted rules such as "use vectors with array index checking", "use smart pointers which are automatically initialized to NULL", "use only string classes with bounds checking", etc. Too many developers will claim that they can't afford the overhead. In reality that overhead is minimal and needs to be removed only in very small and well-defined locations. By default, array bounds should be checked and pointers should be initialized to NULL. printf(), strcpy, strcat et al. and char* pointers should be banned by default and only be allowed in exceptional cases.
If an exception to these policies must be made, a special keyword in the surrounding comments should announce/enclose it. This would allow reviewers to focus on these sections.
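To make these rules concrete, here is an added C++ example (an illustration for this post, not code from the PDF library examined above): the same small parser operations written once as a C-style copy with an explicit bounds check, and once with the standard library's checked facilities (std::string, std::vector::at, std::unique_ptr). The token, the cross-reference table and the REVIEW-RAW comment marker are constructed for the example; the marker stands in for the "special keyword" proposed above and is not an existing convention.

```cpp
#include <cstddef>
#include <cstring>
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed sample input: a PDF name token that is longer than the
// 16-byte buffer a hand-written parser might have reserved for it.
static const char *kLongToken = "/ThisTokenIsLongerThanSixteenBytes";
static const size_t kSmallBuf = 16;

// C-style buffer fill without an unchecked strcpy: the copy happens only
// when the source (plus its NUL terminator) fits; otherwise the caller gets
// false and the destination is left as an empty string. This is exactly the
// check that strcpy/strcat never perform. src must be NUL-terminated.
bool copy_token_checked(char *dst, size_t dst_size, const char *src) {
    if (dst == nullptr || dst_size == 0 || src == nullptr) return false;
    size_t len = strlen(src);
    if (len >= dst_size) {          // no room for the terminator: refuse
        dst[0] = '\0';
        return false;
    }
    // REVIEW-RAW: hypothetical marker for the "special keyword" the post
    // proposes; the only raw memory operation here, bounds proven above.
    memcpy(dst, src, len + 1);
    return true;
}

// std::string version of the same operation: the string grows to fit, so
// there is no fixed buffer to overrun and no length arithmetic to get wrong.
std::string copy_token_string(const char *src) {
    return std::string(src);
}

// Index-checked container access: std::vector::at() throws instead of
// reading past the end, so a corrupted object number becomes a handled
// error rather than an out-of-bounds read.
bool lookup_xref(const std::vector<long> &offsets, size_t obj_num, long &out) {
    try {
        out = offsets.at(obj_num);
        return true;
    } catch (const std::out_of_range &) {
        return false;
    }
}

// Smart pointer that starts out null and frees itself: nothing to forget
// to initialise and nothing to free twice.
struct PdfObject { std::string name; };

bool smart_pointer_starts_null() {
    std::unique_ptr<PdfObject> obj;      // default-constructed: nullptr
    bool was_null = (obj == nullptr);
    obj.reset(new PdfObject());          // now owns an object
    obj->name = "/Catalog";
    return was_null && obj != nullptr;   // destructor releases it
}

// Small driver so the block runs stand-alone; exit code 0 means every
// check behaved as described above.
int main() {
    char buf[kSmallBuf];
    bool fit = copy_token_checked(buf, sizeof buf, kLongToken);  // false: too long
    std::string s = copy_token_string(kLongToken);               // full token kept
    std::vector<long> xref = {0, 15, 74, 120};                   // constructed table
    long off = 0;
    bool ok = lookup_xref(xref, 3, off);                         // true, off == 120
    bool bad = lookup_xref(xref, 99, off);                       // false: out of range
    bool ptr = smart_pointer_starts_null();                      // true
    bool pass = !fit && ok && !bad && ptr && s.size() == strlen(kLongToken);
    return pass ? 0 : 1;
}
```

The point of the contrast is where the bounds decision lives: in copy_token_checked a reviewer has to verify the length comparison by hand (hence the marker), whereas the std::string, at() and unique_ptr versions carry the check inside the type, so there is nothing for a review to miss.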