A serious security bug... caused by no bounds checking.
Brad Anderson
eco at gnuk.net
Tue Apr 8 13:07:53 PDT 2014
On Tuesday, 8 April 2014 at 19:47:02 UTC, Andrei Alexandrescu
wrote:
> On 4/8/14, 1:47 AM, Paulo Pinto wrote:
>> Me too am glad see bounds checking in D by default.
>
> For the record, dmd used to remove bounds checking in -release
> mode. I've asked Walter to add a new flag for that, independent
> from -release, thus keeping release builds safer. It was the
> first and last time when I used "if you don't do this, I can't
> work on D anymore" card. True story.
>
>
> Andrei
There is a lot of confusion about this so I looked into it.
dmd still removes bound checking in non- at safe code when you
specify -release. -noboundscheck just causes it to remove bounds
checking in @safe code too. This is why I think it should be
renamed -nosafeboundschecking or something similar.
In dmd's source, useArrayBounds is set to 2 by default (which
does bounds checking in all code). -release sets it to 1 (which
only checks @safe code). -noboundscheck sets it to 0 (which
causes it to emit no bounds checking).
More information about the Digitalmars-d
mailing list