[Issue 19819] __FILE__ might emit personally identifiable information in release executable

d-bugmail at puremagic.com d-bugmail at puremagic.com
Wed Apr 24 01:03:54 UTC 2019


https://issues.dlang.org/show_bug.cgi?id=19819

--- Comment #4 from Lionello Lunesu <lio+bugzilla at lunesu.com> ---
(In reply to Seb from comment #3)
> I am not sure how this could leak secure data. If you do a release build,
> you typically strip away all debug information anyhow and that includes
> __FILE__.

Any usage of __FILE__ becomes a string literal and ends up in release builds as
well. Which makes sense, but was a bit surprising to me.

> Do you have a concrete example on how this could be dangerous or is this
> just a general concern?

My second example shows how my username ended up in the executable, but it
could be all kinds of private information: the product name, or a customer
name.

--


More information about the Digitalmars-d-bugs mailing list