You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is related to controversial topic of Annex K bound checkers added as an optional extension in C11. This thread here provides some background detail, with reasonably written community feedback about the usefulness of Annex K.
This triggers a false-positive with some strict code analysis tooling when Secure Development Lifecycle checks are turned on. I already recommended the customer to temporarily suppress the warning just around this compilation unit. Since it is false-positive in this context.
My goal is to fix this for ETW exporter. Unfortunately fixing it one thing at a time won't necessarily bring us anyhow closer to totally making code std::copy-free, since the same pattern is actively employed by nlohmann/json.hpp and some parts of Google Abseil library.
Perhaps part of the fix should be to establish a CI/CD pipeline for Windows, to ensure that the entire codebase (core parts of API and SDK) remain compliant with secure coding practices on Windows. It is progressively harder for many customers to keep suppressing these (perhaps unnecessarily strict) warnings in their own builds.
The text was updated successfully, but these errors were encountered:
This is related to controversial topic of Annex K bound checkers added as an optional extension in C11. This thread here provides some background detail, with reasonably written community feedback about the usefulness of Annex K.
ETW exporter uses
std::copy
here:opentelemetry-cpp/exporters/etw/include/opentelemetry/exporters/etw/etw_tracer.h
Line 305 in 32f10c7
This triggers a false-positive with some strict code analysis tooling when Secure Development Lifecycle checks are turned on. I already recommended the customer to temporarily suppress the warning just around this compilation unit. Since it is false-positive in this context.
My goal is to fix this for ETW exporter. Unfortunately fixing it one thing at a time won't necessarily bring us anyhow closer to totally making code
std::copy
-free, since the same pattern is actively employed bynlohmann/json.hpp
and some parts of Google Abseil library.Perhaps part of the fix should be to establish a CI/CD pipeline for Windows, to ensure that the entire codebase (core parts of API and SDK) remain compliant with secure coding practices on Windows. It is progressively harder for many customers to keep suppressing these (perhaps unnecessarily strict) warnings in their own builds.
The text was updated successfully, but these errors were encountered: