A serious security bug... caused by no bounds checking.
Paulo Pinto
pjmlp at progtools.org
Tue Apr 8 09:58:42 PDT 2014
Am 08.04.2014 18:20, schrieb Steven Schveighoffer:
> On Tue, 08 Apr 2014 11:55:35 -0400, Paulo Pinto <pjmlp at progtools.org>
> wrote:
>
>> Am 08.04.2014 16:57, schrieb Steven Schveighoffer:
>>> Note, you can disable bounds checking on an expression basis by
>>> replacing this:
>>>
>>> arr[x]
>>>
>>> with this:
>>>
>>> arr.ptr[x]
>>>
>>> The only tricky part is if you have to slice, and you are using $:
>>>
>>> arr.ptr[x..$]
>>>
>>> doesn't work, you have to use:
>>>
>>> arr.ptr[x..arr.length]
>>>
>>
>> Is that only allowed in @system?
>
> Probably. Is that an issue? Disabling bounds-checking in @safe code is a
> bad idea.
>
> -Steve
Completely agree. I expressed myself badly.
I think it should only be allowed in @system code.
--
Paulo
More information about the Digitalmars-d
mailing list