Placement syntax: Difference between revisions

Vskid1008 (talk | contribs)
m Clean up spacing errors around ref tags., replaced: /ref>b → /ref> b
Line 225:
</syntaxhighlight>
 
This is why the ''pointer placement'' delete functions are defined as no-operations by the Standard C++ library. Since the pointer placement new functions do not allocate any storage, there is no storage to <ref name=":0">{{Cite journal|last=Kundu|first=Ashish|last2=Bertino|first2=Elisa|date=June 2011|title=A New Class of Buffer Overflow Attacks|url=https://ieeexplore.ieee.org/document/5961725|journal=2011 31st International Conference on Distributed Computing Systems|pages=730–739|doi=10.1109/ICDCS.2011.63|via=IEEE}}</ref> be deallocated in the event of the object's constructor throwing an exception.<ref name=SolterKleper2005 />
 
If no matching placement delete function exists, no deallocation function is called in the event of an exception being thrown by a constructor within a placement <code>new</code> expression. There are also some (older) C++ implementations that do not support placement delete (which, like the exception-throwing allocator functions, were an addition made to C++ when it was standardized) at all. In both such situations, an exception being thrown by a constructor when allocating using a custom allocator will result in a memory leak. (In the case of the older C++ implementations, a memory leak will also occur with ''non-''placement <code>new</code> expressions.)<ref name=Meyers1998 /><ref name=Anderson1998b />
 
== Security ==
Placement new expressions are vulnerable to security exploits. In 2011, Kundu and Bertino<ref name=":0" /> demonstrated some of the exploits on placement new. Some of the attacks are buffer overflow attacks, object overflow, selective stackguard overriding, virtual pointer subterfuge, memory misalignment attacks. In 2015, GCC released a patch<ref>{{Cite web|title=Martin Sebor - [PING] [PATCH] c++/67942 - diagnose placement new buffer overflow|url=https://gcc.gnu.org/legacy-ml/gcc-patches/2015-10/msg02001.html|access-date=2020-06-15|website=gcc.gnu.org}}</ref> based on the findings in.<ref name=":0" />
 
== Notes ==
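Review bot: in the paragraph beginning "This is why the ''pointer placement'' delete functions", the Kundu and Bertino citation still sits between "to" and "be deallocated" after the spacing fix, so the rendered sentence carries a footnote marker in the middle of the clause. Move the full <ref name=":0">…</ref> definition to the end of that sentence, or to its first use in the Security section, since the cited title concerns buffer overflow attacks and the sentence is already supported by <ref name=SolterKleper2005 />; the later <ref name=":0" /> reuses will keep working as long as one full definition remains. In the Security section, the last sentence ends with "based on the findings in." before the reference, so rewording it to name Kundu and Bertino would make it a complete sentence.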