Handling invalid UTF sequences

monarch_dodra monarchdodra at gmail.com
Sat Mar 22 14:43:32 PDT 2014


On Friday, 21 March 2014 at 10:39:49 UTC, Denis Shelomovskij 
wrote:
> 21.03.2014 12:25, monarch_dodra пишет:
>> If I remember correctly, with a specially written UTF string, 
>> it *was*
>> possible to corrupt program state. I think. I need to double 
>> check. I
>> didn't give it much thought then ("it should virtually never 
>> happen"),
>> but it could be used as deliberate security vulnerability.
>
> Almost nothing to add here. We already have `-noboundscheck` 
> which can dramatically increase performance, throwing 
> `UTFError` should either use same mechanics (`-noutfcheck`?) or 
> just be stripped in release. Personally I'd choose the latter 
> as there are lots of (sometimes very slow) assertions stripped 
> with `-release` in real programs, which indicates same critical 
> data corruption.

Except it's an Unicode *Exception*. Invalid unicode is *NOT* 
supposed to be an error.

Now I remember: Truncated unicode strings can cause slicing out 
of bounds in popFront.

This means we are currently operating on a double standard of 
sometimes exception, sometimes error, sometimes corruption.


More information about the Digitalmars-d mailing list