Warnings / Compiler switch for secure programming

Matthias Walter walter at mail.math.uni-magdeburg.de
Fri Mar 23 09:03:54 PDT 2007


I've read somewhere that one can also use alloca() in D, which can be insecure, as it can lead to an exploitable stack overflow if the amount of data to allocate can be controlled by the user, at least in most implementations. (I've seen a talk where it was said that GCC's implementation is exploitable, too!)

Another thing is the writefln() stuff, as it is also error-prone if the format string is not fixed. (It is in most cases, but if not, that's dangerous.)

Maybe one could add compiler flags which activate warnings about possibly insecure programming in these cases.

Just an idea :)

Matthias
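The two patterns the post warns about, each beside a defensive form, as an added D example that is not part of the original message. The 4096-byte cap, the function names and the checksum are assumptions chosen for illustration; it assumes a modern D compiler (DMD 2.x) and Phobos.

```d
import core.stdc.stdlib : alloca;
import std.stdio : writefln;

// Assumed cap for stack scratch space; size it for your own stack budget.
enum size_t maxStackScratch = 4096;

/// `input.length` is the user-controlled quantity the post warns about.
/// Unbounded `alloca(input.length)` would let a large length move the stack
/// pointer far past the guard page; here alloca() is only reached after the
/// bound check, and larger requests go to the GC heap instead.
uint checksumWithScratch(const(ubyte)[] input)
{
    const n = input.length;
    ubyte[] scratch;
    if (n <= maxStackScratch)
        scratch = (cast(ubyte*) alloca(n))[0 .. n]; // bounded, lives in this frame only
    else
        scratch = new ubyte[n];                     // heap fallback for big inputs
    scratch[] = input[];

    uint sum = 0;                                   // toy checksum, assumption
    foreach (b; scratch)
        sum = sum * 31 + b;
    return sum;
}

/// Format-string handling: untrusted text is always passed as an argument,
/// never as the format. The `writefln!"..."` form also checks the format
/// literal against the argument types at compile time.
void logClientName(string untrusted)
{
    writefln!"client name: %s"(untrusted);  // fixed format, compile-time checked
    // writefln(untrusted);                  // never: attacker-chosen format string
}

void main()
{
    auto small = new ubyte[100];
    auto big = new ubyte[1 << 20];  // 1 MiB: far beyond any sane stack allocation
    writefln!"small=%08x big=%08x"(checksumWithScratch(small), checksumWithScratch(big));
    logClientName("%s%s%n");        // constructed input; printed verbatim, not interpreted
}
```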
