A serious security bug... caused by no bounds checking.
Steven Schveighoffer
schveiguy at yahoo.com
Tue Apr 8 07:57:51 PDT 2014
On Tue, 08 Apr 2014 04:50:29 -0400, Paulo Pinto <pjmlp at progtools.org>
wrote:
> On Tuesday, 8 April 2014 at 01:59:50 UTC, Ary Borenszweig wrote:
>> On 4/7/14, 8:28 PM, w0rp wrote:
>>> http://heartbleed.com/
>>>
>>> This bug has been getting around. The bug was caused by missing bounds
>>> checking.
>>>
>>> I'm glad to be using a language with bounds checking.
>>
>> http://www.reddit.com/r/programming/comments/21m0bz/warp_a_fast_c_and_c_preprocessor/cged2y6
>>
>> I think that flag shouldn't exist.
>
> Personally I think it should exist, but in a more controlled way, a
> compiler pragma.
>
> For example Turbo Pascal has something like {$R -} code {$R +}.
Note, you can disable bounds checking on an expression basis by replacing
this:
arr[x]
with this:
arr.ptr[x]
The only tricky part is if you have to slice, and you are using $:
arr.ptr[x..$]
doesn't work, you have to use:
arr.ptr[x..arr.length]
-Steve
More information about the Digitalmars-d
mailing list