Tips for writing Secure Code

Source: Internet
Author: User

Memory Management:

1. Follow the principle that whoever allocates memory releases it. Memory allocated by a class should be released by that class (actively or passively). This applies all the more to memory allocated by a dynamic-link library.

2. new/delete, new[]/delete[] and malloc/free must be strictly matched. For example, do not use free to release memory allocated by new.

3. Do not pass STL containers as parameters between dynamic libraries, because it is difficult to ensure that memory allocation and release are consistent.

4. Do not pass template objects as parameters between dynamic libraries, because it is difficult to ensure that memory allocation and release are consistent, or even that the code itself is consistent.

5. When you delete an object, make sure that it is not still referenced by others. The best way to do this is to learn from the object reference counting method of COM.

6. A function must never return the address of a local object (or a reference to one): the address still looks valid after the function ends, but the memory there is usually overwritten by junk data.

7. Do not use memset(this, ...) on a class with virtual functions: it clears the virtual table pointer along with the member data of the class.

8. If a class has virtual functions, its destructor should also be virtual. That way the destructor of the subclass is called correctly; otherwise memory leaks may occur.

9. If one of your classes lives in a DLL and is going to be exported, try to write all of its functions in the .cpp file. The constructor and destructor must be written in the .cpp file even if they contain no code at all; otherwise the code that allocates memory and the code that releases it can end up inconsistent.

10. Remember to write the copy constructor and operator= when appropriate: if your class allocates memory and holds it through a pointer and you do not write these two functions, the memory is freed twice (double free).

11. When copying a string, if you need to allocate memory, remember that the size is strlen() + 1. Do not forget the + 1.

12. ... To be continued
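Items 10 and 11 together, as an added example that is not part of the original page: a class that owns a heap buffer through a raw pointer, with the copy constructor, operator= and strlen() + 1 allocation those items call for. The names OwnedStr, dup and owned_str_demo are hypothetical.

```cpp
#include <cstring>
#include <utility>

class OwnedStr {
public:
    explicit OwnedStr(const char* s) : buf_(dup(s)) {}
    // Item 10: deep copy, so two objects never share (and double-free) a buffer.
    OwnedStr(const OwnedStr& other) : buf_(dup(other.buf_)) {}
    // Copy-and-swap: the new buffer is allocated before ours is touched, so
    // self-assignment and allocation failure both leave *this intact.
    OwnedStr& operator=(const OwnedStr& other) {
        OwnedStr tmp(other);
        std::swap(buf_, tmp.buf_);
        return *this;                    // tmp's destructor frees the old buffer
    }
    ~OwnedStr() { delete[] buf_; }       // item 2: new[] pairs with delete[]

    const char* c_str() const { return buf_; }

private:
    static char* dup(const char* s) {
        if (s == nullptr) s = "";            // treat null as the empty string
        std::size_t n = std::strlen(s) + 1;  // item 11: +1 for the '\0'
        char* p = new char[n];
        std::memcpy(p, s, n);                // copies the terminator too
        return p;
    }
    char* buf_;
};

// Exercises copy, assignment and self-assignment; returns true when every
// object ends up with its own buffer holding the expected text.
bool owned_str_demo() {
    OwnedStr a("alpha");
    OwnedStr b(a);                       // copy constructor
    OwnedStr c("gamma");
    c = a;                               // copy assignment
    const OwnedStr& self = a;
    a = self;                            // self-assignment must be harmless
    return a.c_str() != b.c_str() && a.c_str() != c.c_str()
        && std::strcmp(a.c_str(), "alpha") == 0
        && std::strcmp(b.c_str(), "alpha") == 0
        && std::strcmp(c.c_str(), "alpha") == 0;
}

int main() { return owned_str_demo() ? 0 : 1; }
```

Without the two copy functions, the compiler-generated versions would copy only the pointer, and the destructors of a, b and c would each call delete[] on the same buffer.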

 

Preventing Crashes and Facilitating Debugging:

1. Following the items in the memory management section effectively reduces program crashes.

2. Check a pointer before using it, to guard against invalid pointers.

3. Pointer variables must be initialized; otherwise the check in item 2 may not work. Remember to initialize other variables as well.

4. After deleting an object through a pointer, set the pointer to null. This is one of the effective ways to prevent wild pointers.

5. Check that accesses are in range, whether the target is an array or a container. Put bluntly: validate the data, and make no assumptions about whether it is reasonable. Try to correct illegal data, and after correcting it, be sure to write a log entry and output an error message to make inspection and debugging easier.

6. As mentioned above, do not be stingy with log and assert. assert makes it easy to catch abnormal conditions. Do not put meaningful code inside an assert, because assert is ignored in the release version. When the program hits an abnormal condition, remember to log it to the console and to a file, or show a dialog box. At the very least there must be an assert.

7. Check the return value of functions. Combined with item 6, this prevents many crashes that can be avoided.

8. When traversing a container, pay attention to the following: (1) elements are erased correctly; (2) the container size changes after an erase; (3) the vector itself may be released. For example, if many message functions are connected to a signal, first replace the container with a separate one, then loop over that.

9. Do not declare static variables in inline functions. Note that all member functions written in the header file are inline functions.

10. When transferring data between DLLs, try to use standard C data types and C++ pure virtual interfaces (note: with no member variables).

11. Use dynamic_cast<> when converting a C++ class from its parent class to its subclass, and check whether the result of the conversion is null.

12. ... To be continued
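Item 8 above, as an added example that is not from the original page: erasing while iterating, and emitting a signal whose handlers modify the handler list. The Signal class and the function names are hypothetical; emit() loops over a copy of the handler list, which is one way to keep the traversed container separate from the one the handlers change.

```cpp
#include <cstddef>
#include <functional>
#include <utility>
#include <vector>

// Item 8 (1) and (2): erase() invalidates the iterator passed to it and
// shrinks the container, so continue from the iterator erase() returns.
int erase_negative(std::vector<int>& v) {
    int removed = 0;
    for (auto it = v.begin(); it != v.end(); ) {
        if (*it < 0) { it = v.erase(it); ++removed; }
        else         { ++it; }
    }
    return removed;
}

// Item 8 (3): a handler may disconnect handlers while the signal is being
// emitted. Signal is a hypothetical minimal class, not a real library type.
class Signal {
public:
    using Handler = std::function<void(Signal&)>;
    void connect(Handler h)  { handlers_.push_back(std::move(h)); }
    void disconnect_all()    { handlers_.clear(); }
    std::size_t size() const { return handlers_.size(); }

    // Loop over a snapshot: handlers can change handlers_ freely because it
    // is not the container being traversed. Handlers removed during this
    // call still run once, from the snapshot.
    int emit() {
        std::vector<Handler> snapshot = handlers_;
        int called = 0;
        for (auto& h : snapshot) { h(*this); ++called; }
        return called;
    }

private:
    std::vector<Handler> handlers_;
};

int main() {
    Signal s;
    s.connect([](Signal& sig) { sig.disconnect_all(); });  // clears mid-emit
    s.connect([](Signal&) {});
    std::vector<int> v = {1, -2, -3, 4, -5};               // constructed input
    bool ok = s.emit() == 2 && s.size() == 0 && erase_negative(v) == 3;
    return ok ? 0 : 1;
}
```

Looping directly over handlers_ in emit() would leave the range-for iterating a vector that the first handler has just cleared.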
