A serious security bug... caused by no bounds checking.

Steven Schveighoffer schveiguy at yahoo.com
Tue Apr 8 13:50:35 PDT 2014


On Tue, 08 Apr 2014 16:07:53 -0400, Brad Anderson <eco at gnuk.net> wrote:

> On Tuesday, 8 April 2014 at 19:47:02 UTC, Andrei Alexandrescu wrote:
>> On 4/8/14, 1:47 AM, Paulo Pinto wrote:
>>> I too am glad to see bounds checking in D by default.
>>
>> For the record, dmd used to remove bounds checking in -release mode.
>> I've asked Walter to add a new flag for that, independent from
>> -release, thus keeping release builds safer. It was the first and last
>> time when I used the "if you don't do this, I can't work on D anymore"
>> card. True story.
>>
>>
>> Andrei
>
> There is a lot of confusion about this so I looked into it.
>
> dmd still removes bound checking in non-@safe code when you specify
> -release. -noboundscheck just causes it to remove bounds checking in
> @safe code too. This is why I think it should be renamed
> -nosafeboundschecking or something similar.

This does not sound correct. In NO case should you be able to remove  
bounds checking in @safe code.

-Steve
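
An added example, not part of the original message or the thread: a small D program for checking on your own compiler how -release and -noboundscheck treat the same out-of-range index in @safe and non-@safe code, which is the point under dispute above. The names readSafe, readSystem and probe are hypothetical, and the input is constructed.

```d
// Added example; not code from the thread. readSafe, readSystem and probe
// are hypothetical names.
// Build three ways and compare the two lines each binary prints:
//   dmd bounds.d
//   dmd -release bounds.d
//   dmd -release -noboundscheck bounds.d
import core.exception : RangeError;
import std.stdio : writeln;

@safe int readSafe(const(int)[] a, size_t i)
{
    return a[i]; // index expression in @safe code
}

@system int readSystem(const(int)[] a, size_t i)
{
    return a[i]; // same expression in non-@safe code
}

// Catching an Error is not allowed in @safe code, so the probe is @system.
@system string probe(int function(const(int)[], size_t) f,
                     const(int)[] a, size_t i)
{
    try
    {
        f(a, i);
        return "no bounds check (read past the end of the slice)";
    }
    catch (RangeError e)
    {
        return "bounds check present (RangeError)";
    }
}

void main()
{
    // Constructed input: an 8-element buffer viewed through a 4-element
    // slice, so index 4 is outside the slice but still inside memory the
    // program owns, and an unchecked read cannot fault.
    int[8] backing = [0, 1, 2, 3, 4, 5, 6, 7];
    const(int)[] view = backing[0 .. 4];

    writeln("@safe:     ", probe(&readSafe, view, 4));
    writeln("non-@safe: ", probe(&readSystem, view, 4));
}
```

Running the three builds in a CI job and failing when the @safe line reports a missing check is one way to catch a build configuration that has silently dropped the checks.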

