[Issue 19916] union member access should be un-@safe

d-bugmail at puremagic.com d-bugmail at puremagic.com
Thu May 30 08:56:40 UTC 2019


https://issues.dlang.org/show_bug.cgi?id=19916

Dennis <dkorpel at live.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dkorpel at live.nl

--- Comment #7 from Dennis <dkorpel at live.nl> ---
(In reply to Manu from comment #6)
> Accessing uninitialised memory is absolutely a memory safety issue. 

Not per se. This compiles, prints a random number, and doesn't corrupt memory.

```d
import std;

void main() @safe
{
    int a = void;   // explicitly uninitialized int; allowed in @safe
    writeln(a);     // prints whatever happened to be in that stack slot
}
```

> I don't know where this idea that it has strictly to do with pointers comes from?
> Why would safety be limited that way?

Paraphrasing Walter from his DConf 2017 keynote, memory safety is not about 'no
memory related bugs', it's "a concern in software development that aims to
avoid software bugs that cause security vulnerabilities dealing with
random-access memory (RAM) access, such as buffer overflows and dangling
pointers". Uninitialized / overlapped pointers can cause such issues,
uninitialized integers can not. 

Disallowing a simple harmless sum-type in @safe invites more use of @trusted,
giving more opportunities for actual memory corrupting bugs to creep in. Not to
mention it would break existing code.

Unless there is a way to actually corrupt memory in @safe code using this
(without using @trusted) it's not something @safe should prevent.
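The "simple harmless sum-type" the comment defends, as an added illustration that is not part of the bug report or of any D project code. It assumes a hypothetical `Number` struct whose union overlaps only an `int` and a `double`, so even a read of the inactive member stays inside the object and cannot yield a forged or dangling pointer.

```d
// Added example (not from the bug report): a tagged union with no pointer
// members, usable from @safe code.
import std.stdio : writeln;

struct Number
{
    enum Kind { integer, floating }
    Kind kind;
    union
    {
        int i;
        double d;
    }

    this(int v) @safe { kind = Kind.integer; i = v; }
    this(double v) @safe { kind = Kind.floating; d = v; }

    // Checked access: the tag decides which overlapping field is valid.
    double asDouble() const @safe
    {
        return kind == Kind.integer ? i : d;
    }
}

void main() @safe
{
    auto n = Number(42);
    writeln(n.asDouble()); // 42

    // Reading the inactive member is still @safe: the value is unspecified
    // (the int's bytes reinterpreted as a double), but the read cannot leave
    // the object, so no memory is corrupted.
    writeln(n.d);

    // Contrast: if one member were `int* p` overlapping `int i`, @safe code
    // could not read `p`, because the D spec forbids accessing union fields
    // where a pointer overlaps another type. That is the case the comment
    // distinguishes from plain integer/float overlap.
}
```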
