@trust is an encapsulation method, not an escape

Kagamin via Digitalmars-d digitalmars-d at puremagic.com
Fri Feb 6 04:17:54 PST 2015


On Friday, 6 February 2015 at 08:58:05 UTC, Walter Bright wrote:
> On 2/6/2015 12:31 AM, Kagamin wrote:
>> On Thursday, 5 February 2015 at 23:39:39 UTC, Walter Bright wrote:
>>>  static void trustedMemcopy(T[] dest, T[] src) @trusted
>>>  {
>>>    assert(src.length == dest.length);
>>>    memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
>>>  }
>>
>> Should be enforce: assert doesn't guard against malicious 
>> usage.
>
> Cue my endless attempts to explain the difference between input 
> errors and logic errors :-(

A little off-topic: if this function is compiled in release mode and the 
compiler assumes the assert holds, it's free to use dest.length 
instead of src.length, and if at runtime dest is longer than src, 
this will create a Heartbleed-like bug in safe code.
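The two variants discussed in this exchange, side by side, as an added D example that is not code from the thread or from the D runtime: the quoted assert-based fragment is completed with the template parameter and import it needs to compile, and an `enforce`-based counterpart is placed next to it. The function names `trustedMemcopyAssert` and `trustedMemcopyEnforce` are assumed for illustration.

```d
// Added example, not from the thread. Shows why the length check in a
// @trusted wrapper must survive release builds: `assert` is compiled out
// with -release, while `enforce` always runs and throws on a mismatch.
import core.stdc.string : memcpy;
import std.exception : assertThrown, enforce;

// The quoted assert-based version, completed with the template parameter
// and import it needs to compile. Under -release the assert disappears, so
// a caller passing mismatched slices makes memcpy read or write past a
// buffer; as the post notes, the compiler is also allowed to assume the
// assert held and may use dest.length in place of src.length.
void trustedMemcopyAssert(T)(T[] dest, T[] src) @trusted
{
    assert(src.length == dest.length);
    memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
}

// Hardened variant: enforce treats a length mismatch as an input error and
// throws, in debug and release builds alike, before memcpy is reached.
void trustedMemcopyEnforce(T)(T[] dest, T[] src) @trusted
{
    enforce(src.length == dest.length, "trustedMemcopy: slice lengths differ");
    memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
}

void main() @safe
{
    int[4] src = [1, 2, 3, 4];
    int[4] dest;

    // Well-formed call: both variants behave identically.
    trustedMemcopyAssert(dest[], src[]);
    assert(dest == src);
    dest[] = 0;
    trustedMemcopyEnforce(dest[], src[]);
    assert(dest == src);

    // Malformed call with a longer destination: the enforce variant rejects
    // it with an exception. Compile with `dmd -release` and it still throws,
    // whereas the assert in the other variant would no longer be there.
    int[8] longer;
    assertThrown(trustedMemcopyEnforce(longer[], src[]));
}
```

Build it once with plain `dmd` and once with `dmd -release`: the `assertThrown` check passes in both builds, which is the property the `enforce` variant buys and the `assert` variant does not.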
