A serious security bug... caused by no bounds checking.

Nick Sabalausky SeeWebsiteToContactMe at semitwist.com
Mon Apr 7 19:50:49 PDT 2014


On 4/7/2014 10:17 PM, Orvid King wrote:
> On Mon, 07 Apr 2014 20:59:50 -0500, Ary Borenszweig
> <ary at esperanto.org.ar> wrote:
>
>> On 4/7/14, 8:28 PM, w0rp wrote:
>>> http://heartbleed.com/
>>>
>>> This bug has been getting around. The bug was caused by missing bounds
>>> checking.
>>>
>>> I'm glad to be using a language with bounds checking.
>>
>> http://www.reddit.com/r/programming/comments/21m0bz/warp_a_fast_c_and_c_preprocessor/cged2y6
>>
>>
>> I think that flag shouldn't exist.
>>
>
> The bad thing is, I have some code that having bounds checks enabled
> actually improves the speed of.

Not surprised, but I imagine it's likely only a handful of places where 
the bounds checking is actually slowing things down noticeably. If you 
sniffed those out with a profiler and had a good way to get around 
bounds checking for those specific cases, I'd bet you'd get nearly the 
same speedup without sacrificing much safety.


