JTC 1/SC 22/WG 23 C++ Vulnerability Discussions    WG 23 N1515
		September 29 2025

Participants
    Stephen Michell - convenor, SCC
    Richard Corden - USA
    Erhard Ploedereder - liaison
    Paul Preney - Canada
    Matt Butler - USA

 Regrets
    Peter Sommerlad - Switzerland
    Loic Joly - AFNOR

    
Actions:
Paul broke clause 7 inti its subparts in GitHub.

Issues addressed

Clause 7.5 Coroutines
   Provided an initial writeup of coroutines by Paul. Group editing. Significant more needed.
   Paul to restructure as
     1) using coroutines defined in library environments
     2) roll-your-own coroutines.

Paul will separate the clause 7 material into separate files for better control.

Issue 6.66 - minor changes. 


Clause 6.39 Memory leak and heap fragmentation. Improved text but still working on atomic shared pointers.

FROM THE CHAT 2025-09-29:

10:35:15 From Paul Preney to Everyone:
	## 7.4 Placement new issues
	
10:35:21 From Paul Preney to Everyone:
	### 7.4.1 Description of Vulnerability
	
10:35:26 From Paul Preney to Everyone:
	### 7.4.2 Cross Reference
	
10:35:32 From Paul Preney to Everyone:
	### 7.4.3 Mechanism of Failure
	
10:35:38 From Paul Preney to Everyone:
	### 7.4.4 Avoiding the vulnerability or mitigating its effects
	
11:00:44 From Richard Corden to Everyone:
	https://eel.is/c++draft/lex.header#nt:h-char
	
11:04:16 From Richard Corden to Everyone:
	https://eel.is/c++draft/lex#charset-1
	
11:52:53 From Paul Preney to Everyone:
	https://en.cppreference.com/w/cpp/memory/weak_ptr.html
	
11:53:03 From Paul Preney to Everyone:
	https://en.cppreference.com/w/cpp/memory/shared_ptr.html
	
11:55:21 From Richard Corden to Everyone:
	https://eel.is/c++draft/mem#util.smartptr.shared.general-1
	
12:38:25 From Matthew Butler to Everyone:
	This was my first contribution to the standard when I first started on the committee. The example in section 31.8.7.1:
	
12:38:28 From Matthew Butler to Everyone:
	template<typename T> class atomic_list { 
	struct node { 
	T t; 
	shared_ptr<node> next; 
	}; 
	atomic<shared_ptr<node>> head; 
	public: 
	auto find(T t) const { 
	auto p = head.load(); 
	while (p && p->t != t) 
	p = p->next; 
	return shared_ptr<node>(move(p)); 
	} 
	void push_front(T t) { 
	auto p = make_shared<node>(); 
	p->t = t; 
	p->next = head; 
	while (!head.compare_exchange_weak(p->next, p)) {} 
	} 
	};
	
12:46:25 From Richard Corden to Everyone:
	```
	void f4()
	{
	std::shared_ptr p1 = std::make_shared< int >( 1 );
	std::shared_ptr p2 = std::make_shared< int >( 2 );
	auto t = std::thread( [ &p1, p2 ]() // p2 is captured by value
	{
	p1 = std::make_shared< int >( 5 );
	p2 = std::make_shared< int >( 5 );
	} );
	std::cout << *p1 << *p2;
	t.join();
	}
	```
	
12:58:03 From Richard Corden to Everyone:
	In a concurrent context, `std::shared_ptr`{.cpp} (and `std::weak_ptr`{.cpp})
	store a pointer to the owned object and the associated control block.
	
```