checkedint call removal
Timon Gehr via Digitalmars-d
digitalmars-d at puremagic.com
Sun Aug 3 07:10:28 PDT 2014
On 08/03/2014 03:01 PM, Paolo Invernizzi wrote:
> On Sunday, 3 August 2014 at 10:49:39 UTC, Timon Gehr wrote:
>> On 08/03/2014 11:15 AM, Paolo Invernizzi wrote:
>>> because every few milliseconds an assert is triggered
>>
>> Right, and software does not have security holes because otherwise
>> they would obviously be exploited every few milliseconds during
>> in-house testing.
>
> That is a totally different matter:

Well, no.

> security holes are about things that
> the programmer is _totally missing_,

The programmer(s!) may be _totally missing_ the conditions that lead to
an assertion failure. In fact, unless assertions are intentionally
misused, this is always the case.

> and someone is seeing and exploiting that.

(Undefined behaviour introduced in this way may be exploitable.)

> ... can you rephrase please?

If wrong assertions would indeed fail every few milliseconds, then a way
to show an assertion to be correct beyond reasonable doubt is to add the
test of the condition to the program and then run it for a few milliseconds.