Comment by duneroadrunner

8 years ago

I'm not familiar with Ragel, but you might consider adding support for SaferCPlusPlus[1] as an output target. It should be a fairly simple modification of your existing C or C++ output generator. SaferCPlusPlus was, in part, designed for this (I mean, CloudFlare's) sort of situation - using C/C++ in internet facing applications.

[1] https://github.com/duneroadrunner/SaferCPlusPlus

Actually, the Ragel generated code (fragment) looks like it's already pretty SaferCPlusPlus compliant, since it itself doesn't declare any buffers or pointer/iterators. So I guess the recommendation instead would be for CloudFlare, and anyone else writing nginx modules in C/C++, to wrap any nginx-supplied buffers in a bounds-checked wrapper (like an array_view[1], gsl::span, or RandomAccessSection[2]).

[1] https://github.com/rhysd/array_view

[2] https://github.com/duneroadrunner/SaferCPlusPlus#txscoperand...