https://www.secdev.uk/blog/tags/templates/ Recent content in Templates on guy@secdev.uk Hugo en-gb Guy Dixon | guy@secdev.uk Sat, 08 Nov 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-11-08-cpp-security-smart-pointers/ Sat, 08 Nov 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-11-08-cpp-security-smart-pointers/ <p>The more I dug into C++ codebases, the more I noticed a recurring assumption: developers who think that switching to smart pointers and STL containers means they&rsquo;re safe from memory bugs. C++ adds RAII, smart pointers, containers, and type-safe abstractions on top of C&rsquo;s manual memory model, and these features genuinely eliminate many of C&rsquo;s most common vulnerabilities, <code>std::string</code> prevents buffer overflows, <code>std::unique_ptr</code> prevents memory leaks, and <code>std::vector</code> provides bounds-checked access via <code>.at()</code>. But C++ also introduces new attack surfaces that turn out to be even trickier to spot: dangling references from moved-from objects, iterator invalidation, implicit conversions in template code, and the false sense of security that comes from using &ldquo;safe&rdquo; abstractions incorrectly. In this post, I want to cover the C++-specific anti-patterns that survive code review because they look correct to developers who trust the standard library.</p>