A serious security bug... caused by no bounds checking.

Nick Sabalausky SeeWebsiteToContactMe at semitwist.com
Mon Apr 7 19:11:46 PDT 2014


On 4/7/2014 9:59 PM, Ary Borenszweig wrote:
> On 4/7/14, 8:28 PM, w0rp wrote:
>> http://heartbleed.com/
>>
>> This bug has been getting around. The bug was caused by missing bounds
>> checking.
>>
>> I'm glad to be using a language with bounds checking.
>
> http://www.reddit.com/r/programming/comments/21m0bz/warp_a_fast_c_and_c_preprocessor/cged2y6
>
>
> I think that flag shouldn't exist.
>

I think it's potentially useful on a very careful per-module basis for 
certain modules specifically intended for no compiler-inserted bounds 
checking (or better yet, for specific blocks of code). But I certainly 
would never compile a whole program with it. That's just asking for trouble.



More information about the Digitalmars-d mailing list