diff --git a/modules/ROOT/pages/programming-languages/.CXX-Language.adoc.swp b/modules/ROOT/pages/programming-languages/.CXX-Language.adoc.swp deleted file mode 100644 index 871f9fd..0000000 Binary files a/modules/ROOT/pages/programming-languages/.CXX-Language.adoc.swp and /dev/null differ diff --git a/modules/ROOT/pages/programming-languages/C-Libc.adoc b/modules/ROOT/pages/programming-languages/C-Libc.adoc index 6cd482a..1882ab7 100644 --- a/modules/ROOT/pages/programming-languages/C-Libc.adoc +++ b/modules/ROOT/pages/programming-languages/C-Libc.adoc @@ -85,11 +85,11 @@ Use the indicated replacements for the functions below. * `putenv` ⟶ explicit `envp` argument in process creation -(see <>) +(see xref:../tasks/Tasks-Processes.adoc#sect-Defensive_Coding-Tasks-Processes-environ[Specifying the Process Environment]) * `setenv` ⟶ explicit `envp` argument in process creation -(see <>) +(see xref:../tasks/Tasks-Processes.adoc#sect-Defensive_Coding-Tasks-Processes-environ[Specifying the Process Environment]) * `strdupa` ⟶ `strdup` and `free` @@ -102,11 +102,11 @@ explicit `envp` argument in process creation * `system` ⟶ `posix_spawn` or `fork`pass:attributes[{blank}]/pass:attributes[{blank}]`execve`pass:attributes[{blank}]/ -(see <>) +(see xref:../tasks/Tasks-Processes.adoc#sect-Defensive_Coding-Tasks-Processes-execve[Bypassing the Shell]) * `unsetenv` ⟶ explicit `envp` argument in process creation -(see <>) +(see xref:../tasks/Tasks-Processes.adoc#sect-Defensive_Coding-Tasks-Processes-environ[Specifying the Process Environment]) [[sect-Defensive_Coding-C-String-Functions-Length]] === String Functions with Explicit Length Arguments diff --git a/modules/ROOT/pages/programming-languages/CXX-Language.adoc b/modules/ROOT/pages/programming-languages/CXX-Language.adoc index 26ee5dc..339882a 100644 --- a/modules/ROOT/pages/programming-languages/CXX-Language.adoc +++ b/modules/ROOT/pages/programming-languages/CXX-Language.adoc @@ -5,7 +5,7 @@ == The Core Language C++ includes a large subset of the C language. As far as the C -subset is used, the recommendations in <> apply. +subset is used, the recommendations in xref:../programming-languages/C.adoc#chap-Defensive_Coding-C[Defensive Coding in C] apply. === Array Allocation with `operator new[]` @@ -29,18 +29,18 @@ and the sources will be compiled with older GCC versions, code which allocates arrays with a variable length must check for overflow manually. For the `new T[n]` example, the size check could be `n || (n > 0 && n > -(size_t(-1) - 8) / sizeof(T))`. (See <>.) If there are +(size_t(-1) - 8) / sizeof(T))`. (See xref:../programming-languages/C-Language.adoc#sect-Defensive_Coding-C-Arithmetic[Recommendations for Integer Arithmetic]) If there are additional dimensions (which must be constants according to the {cpp} standard), these should be included as factors in the divisor. These countermeasures prevent out-of-bounds writes and potential code execution. Very large memory allocations can still lead to -a denial of service. <> +a denial of service. xref:../tasks/Tasks-Serialization.adoc#sect-Defensive_Coding-Tasks-Serialization-Decoders[Recommendations for Manually-written Decoders] contains suggestions for mitigating this problem when processing untrusted data. -See <> +See xref:../tasks/programming-languages/C-Allocators.adoc#sect-Defensive_Coding-C-Allocators-Arrays[Array Allocation] for array allocation advice for C-style memory allocation. === Overloading diff --git a/modules/ROOT/pages/programming-languages/CXX-Std.adoc b/modules/ROOT/pages/programming-languages/CXX-Std.adoc index 5db86a2..9f544d9 100644 --- a/modules/ROOT/pages/programming-languages/CXX-Std.adoc +++ b/modules/ROOT/pages/programming-languages/CXX-Std.adoc @@ -5,7 +5,7 @@ == The C++ Standard Library The C++ standard library includes most of its C counterpart -by reference, see <>. +by reference, see xref:../programming-languages/C.adoc#chap-Defensive_Coding-C[Defensive Coding in C. [[sect-Defensive_Coding-CXX-Std-Functions]] === Functions That Are Difficult to Use diff --git a/modules/ROOT/pages/programming-languages/Python.adoc b/modules/ROOT/pages/programming-languages/Python.adoc index c9637dc..74e2637 100644 --- a/modules/ROOT/pages/programming-languages/Python.adoc +++ b/modules/ROOT/pages/programming-languages/Python.adoc @@ -11,21 +11,21 @@ interpreter or standard library itself. Other sections with Python-specific advice include: -* <> +* xref:../tasks/Tasks-Temporary_Files.adoc#chap-Defensive_Coding-Tasks-Temporary_Files[Dealing with temp files] -* <> +* xref:../tasks/Tasks-Processes.adoc#sect-Defensive_Coding-Tasks-Processes-Creation[Creating Safe Processes] -* <>, in -particular <> +* xref:../tasks/Tasks-Serialization.adoc#chap-Defensive_Coding-Tasks-Serialization[Serialization and Deserialization], in +particular xref:../tasks/Tasks-Serialization.adoc#sect-Defensive_Coding-Tasks-Serialization-Library[Library Support for Deserialization] -* <> +* xref:../tasks/Tasks-Cryptography.adoc#sect-Defensive_Coding-Tasks-Cryptography-Randomness[Randomness] == Dangerous Standard Library Features Some areas of the standard library, notably the `ctypes` module, do not provide memory safety guarantees comparable to the rest of Python. If such -functionality is used, the advice in <> should be followed. +functionality is used, the advice in xref:../programming-languages/C.adoc#chap-Defensive_Coding-C[Defensive Coding in C] should be followed. == Run-time Compilation and Code Generation diff --git a/modules/ROOT/pages/programming-languages/Vala.adoc b/modules/ROOT/pages/programming-languages/Vala.adoc index 7d493d2..86caeb2 100644 --- a/modules/ROOT/pages/programming-languages/Vala.adoc +++ b/modules/ROOT/pages/programming-languages/Vala.adoc @@ -11,12 +11,12 @@ unlike C# and Java, Vala does not attempt to provide memory safety: Vala is compiled to C, and the C code is compiled with GCC using typical compiler flags. Basic operations like integer arithmetic are directly mapped to C constructs. As a results, the -recommendations in <> apply. +recommendations in xref:../programming-languages/C.adoc#chap-Defensive_Coding-C[Defensive Coding in C] apply. In particular, the following Vala language constructs can result in undefined behavior at run time: -* Integer arithmetic, as described in <>. +* Integer arithmetic, as described in xref:../programming-languages/C-Language.adoc#sect-Defensive_Coding-C-Arithmetic[Recommendations for Integer Arithmetic]. * Pointer arithmetic, string subscripting and the `substring` method on strings (the @@ -26,11 +26,11 @@ is the responsibility of the calling code to ensure that the arguments being passed are valid. This applies even to cases (like `substring`) where the implementation would have range information to check the validity of indexes. -See <>. +See xref:../programming-languages/C-Language.adoc#sect-Defensive_Coding-C-Pointers[Recommendations for Pointers and Array Handling] * Similarly, Vala only performs garbage collection (through reference counting) for `GObject` values. For plain C pointers (such as strings), the programmer has to ensure that storage is deallocated once it is no longer needed (to avoid memory leaks), and that storage is not being deallocated -while it is still being used (see <>). +while it is still being used (see xref:../programming-languages/C-Allocators.adoc#sect-Defensive_Coding-C-Use-After-Free[Use-after-free errors]).