A serious security bug... caused by no bounds checking.
Sönke Ludwig
sludwig+dforum at outerproduct.org
Tue Apr 8 01:49:51 PDT 2014
Am 08.04.2014 04:11, schrieb Nick Sabalausky:
> On 4/7/2014 9:59 PM, Ary Borenszweig wrote:
>> On 4/7/14, 8:28 PM, w0rp wrote:
>>> http://heartbleed.com/
>>>
>>> This bug has been getting around. The bug was caused by missing bounds
>>> checking.
>>>
>>> I'm glad to be using a language with bounds checking.
>>
>> http://www.reddit.com/r/programming/comments/21m0bz/warp_a_fast_c_and_c_preprocessor/cged2y6
>>
>>
>>
>> I think that flag shouldn't exist.
>>
>
> I think it's potentially useful on a very careful per-module basis for
> certain modules specifically intended for no compiler-inserted bounds
> checking (or better yet, for specific blocks of code). But I certainly
> would never compile a whole program with it. That's just asking for
> trouble.
>
Sounds like adding a pragma instead would be a good idea. Of course that
should make any affected code automatically @system.
More information about the Digitalmars-d
mailing list