Welcome to NeoOffice developer notes and announcements
NeoOffice
Developer notes and announcements
 
 

This website is an archive and is no longer active
NeoOffice announcements have moved to the NeoOffice News website


Support
· Forums
· NeoOffice Support
· NeoWiki


Announcements
· Twitter @NeoOffice


Downloads
· Download NeoOffice


  
NeoOffice :: View topic - NeoOffice and OpenOffice.org 2.4.1 Security Fix
NeoOffice and OpenOffice.org 2.4.1 Security Fix
 
   NeoOffice Forum Index -> NeoOffice Development
View previous topic :: View next topic  
Author Message
pluby
The Architect
The Architect


Joined: Jun 16, 2003
Posts: 11949

PostPosted: Sun Jun 29, 2008 5:33 pm    Post subject: NeoOffice and OpenOffice.org 2.4.1 Security Fix

FYI. Ed and I reviewed this OpenOffice.org security bulletin this weekend and the good news is that none of the NeoOffice 2.x versions were ever affected by this security vulnerability.

For those that are curious, when we first upgraded the NeoOffice code to OpenOffice.org 2.0, we found that the OpenOffice.org custom memory allocation functions caused NeoOffice to crash. To fix this crashing, we turned off their custom functions and, instead, used the standard C malloc() and free() functions. Since malloc() and free() are Mac OS X functions and not custom OpenOffice.org code, NeoOffice is not affected by the security vulnerability.

Patrick
Back to top
MacRat
Sake Horner
Sake Horner


Joined: Mar 02, 2006
Posts: 364
Location: Earth

PostPosted: Sun Jun 29, 2008 6:30 pm    Post subject:

Wow. Using the Mac OS APIs results in security?

Who would have thought that! Laughing
Back to top
sardisson
Town Crier
Town Crier


Joined: Feb 01, 2004
Posts: 4588

PostPosted: Sun Jun 29, 2008 8:21 pm    Post subject:

I've never understood the desire of developers to write their own memory management functions instead of using the OS ones Shocked

It seems an extreme case of hubris to believe that a handful of people whose specialty is some other kind of software can create a better memory allocator than one that's well-used and (presumably) well-tested by developers of a core operating system (which requires those functions to be effective, bug-free, and performant)....

Smokey

_________________
"[...] whether the duck drinks hot chocolate or coffee is irrelevant." -- ovvldc and sardisson in the NeoWiki
Back to top
pluby
The Architect
The Architect


Joined: Jun 16, 2003
Posts: 11949

PostPosted: Sun Jun 29, 2008 9:13 pm    Post subject:

sardisson wrote:
It seems an extreme case of hubris to believe that a handful of people whose specialty is some other kind of software can create a better memory allocator than one that's well-used and (presumably) well-tested by developers of a core operating system (which requires those functions to be effective, bug-free, and performant)....


I totally agree with you on this point. Reinventing the wheel may be interesting, but since in this case means reimplementing stable functions that, when they work, users never notice, this is all risk and no possible gain.

Maybe some would argue that there are performance improvements to be gained, but since I have not seen any hard performance statistics from OOo's engineers, I would find it hard to believe that there are 10% or 20% gains to be had over the operating system's implementation.

Just my two cents,

Patrick
Back to top
Display posts from previous:   
   NeoOffice Forum Index -> NeoOffice Development All times are GMT - 7 Hours
Page 1 of 1

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Powered by phpBB © 2001, 2005 phpBB Group

All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © Planamesa Inc.
NeoOffice is a registered trademark of Planamesa Inc. and may not be used without permission.
PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.