[Issue 20870] New: std.outbuffer.printf is trusted
d-bugmail at puremagic.com
Thu May 28 11:18:58 UTC 2020
https://issues.dlang.org/show_bug.cgi?id=20870
Issue ID: 20870
Summary: std.outbuffer.printf is trusted
Product: D
Version: D2
Hardware: x86
OS: Mac OS X
Status: NEW
Keywords: safe
Severity: enhancement
Priority: P1
Component: phobos
Assignee: nobody at puremagic.com
Reporter: pro.mathias.lang at gmail.com
I don't know how that made it past code review.
```
import std.outbuffer;
import std.stdio;
void main() @safe
{
    char[8] arr = 'a';
    auto buff = new OutBuffer();
    buff.printf("%.*s", 450000, &arr[0]);
    writeln(buff.toString());
}
```
This reads random characters off the stack.
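
Added example, not part of the original report or of Phobos: a length-checked alternative to the `%.*s` call above, where the data travels as a slice so an oversized precision cannot extend the read. `putPrefix` is a hypothetical helper, and the last case assumes a Phobos release in which `OutBuffer` provides the std.format-based `writef`.

```d
import std.algorithm.comparison : min;
import std.outbuffer;

// Hypothetical helper, not part of Phobos: appends at most `precision`
// characters of `text`. The slice carries its own length, so the bound
// is enforced here instead of being taken on trust from the caller.
void putPrefix(OutBuffer buff, scope const(char)[] text, size_t precision) @safe
{
    buff.write(text[0 .. min(precision, text.length)]);
}

void main() @safe
{
    auto arr = new char[](8);   // 8-character buffer, as in the report
    arr[] = 'a';

    // The oversized precision from the report is clamped to the slice length.
    auto buff = new OutBuffer();
    putPrefix(buff, arr, 450_000);
    assert(buff.toString() == "aaaaaaaa");

    // A smaller precision still truncates as "%.*s" would.
    buff = new OutBuffer();
    putPrefix(buff, arr, 3);
    assert(buff.toString() == "aaa");

    // writef takes typed arguments: the precision can shorten the slice
    // but can never read beyond its length.
    buff = new OutBuffer();
    buff.writef("%.*s", 450_000, arr);
    assert(buff.toString() == "aaaaaaaa");
}
```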