A serious security bug... caused by no bounds checking.
Paulo Pinto
pjmlp at progtools.org
Tue Apr 8 08:55:35 PDT 2014
Am 08.04.2014 16:57, schrieb Steven Schveighoffer:
> On Tue, 08 Apr 2014 04:50:29 -0400, Paulo Pinto <pjmlp at progtools.org>
> wrote:
>
>> On Tuesday, 8 April 2014 at 01:59:50 UTC, Ary Borenszweig wrote:
>>> On 4/7/14, 8:28 PM, w0rp wrote:
>>>> http://heartbleed.com/
>>>>
>>>> This bug has been getting around. The bug was caused by missing bounds
>>>> checking.
>>>>
>>>> I'm glad to be using a language with bounds checking.
>>>
>>> http://www.reddit.com/r/programming/comments/21m0bz/warp_a_fast_c_and_c_preprocessor/cged2y6
>>>
>>>
>>> I think that flag shouldn't exist.
>>
>> Personally I think it should exist, but in a more controlled way, a
>> compiler pragma.
>>
>> For example Turbo Pascal has something like {$R -} code {$R +}.
>
> Note, you can disable bounds checking on an expression basis by
> replacing this:
>
> arr[x]
>
> with this:
>
> arr.ptr[x]
>
> The only tricky part is if you have to slice, and you are using $:
>
> arr.ptr[x..$]
>
> doesn't work, you have to use:
>
> arr.ptr[x..arr.length]
>
> -Steve
Is that only allowed in @system?
--
Paulo
More information about the Digitalmars-d
mailing list