A serious security bug... caused by no bounds checking.
Steven Schveighoffer
schveiguy at yahoo.com
Thu Apr 10 10:12:47 PDT 2014
On Thu, 10 Apr 2014 12:49:26 -0400, Tommi <tommitissari at hotmail.com> wrote:
> On Thursday, 10 April 2014 at 15:00:34 UTC, Steven Schveighoffer wrote:
>> No, the author of the @safe code expects bounds checking, it's part of
>> the requirements. To compile his code with it off is like having a
>> -compilergeneratedhash switch that overrides any toHash functions with
>> a compiler generated one. You are changing the agreement between the
>> compiler and the code.
>
> Obviously if such or any other compiler flags exist, their existence and
> behaviour have been specified in binding agreement between the compiler
> and the source code, and thus, no breach of contract has happened if
> such compiler flags were used.

A compiler flag is a blunt instrument. It affects all code the compiler
touches, which may or may not affect code that you are intending to change.

For example:

    // compiled without -noboundscheck
    module compiledlib;

    // foo is a template, so it is instantiated in whatever compilation calls it
    void foo(T)(T[] x) @safe
    {
        x[5] = 3; // relies on the bounds check that @safe code expects
    }

    ...

    // compiled with -noboundscheck
    import compiledlib;

    void main() @safe
    {
        foo([1,2,3]); // memory now corrupted, no warning, no runtime error.
    }

-Steve