@trust is an encapsulation method, not an escape
Walter Bright via Digitalmars-d
digitalmars-d at puremagic.com
Fri Feb 6 13:14:44 PST 2015

On 2/6/2015 4:17 AM, Kagamin wrote:
> On Friday, 6 February 2015 at 08:58:05 UTC, Walter Bright wrote:
>> On 2/6/2015 12:31 AM, Kagamin wrote:
>>> On Thursday, 5 February 2015 at 23:39:39 UTC, Walter Bright wrote:
>>>> static void trustedMemcopy(T[] dest, T[] src) @trusted
>>>> {
>>>>     assert(src.length == dest.length);
>>>>     memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
>>>> }
>>>
>>> Should be enforce: assert doesn't guard against malicious usage.
>>
>> Cue my endless attempts to explain the difference between input errors and
>> logic errors :-(
>
> A little offtop: if this function is compiled in release mode and compiler
> assumes assert holds, it's free to use dest.length instead of src.length and if
> at runtime dest is longer than src, this will create heartbleed-like bug in safe
> code.

Sigh. Please visit your nearest Catholic school and ask one of the nuns to
thwack your knuckles with a ruler!
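
Added example, not part of the original message or of any D project code: the quoted function written once with assert and once with enforce, so the build-mode difference the thread refers to can be observed. The names copyAsserted and copyEnforced and the sample arrays are made up for this illustration; the mismatched call is only made against the enforce variant.

```d
import core.stdc.string : memcpy;
import std.exception : enforce;
import std.stdio : writeln;

// Length mismatch treated as a logic error, as in the quoted function.
// With -release the assert is compiled out and memcpy runs unchecked.
void copyAsserted(T)(T[] dest, T[] src) @trusted
{
    assert(src.length == dest.length);
    memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
}

// Length mismatch treated as an input error: enforce stays in every
// build mode and throws an Exception before memcpy is reached.
void copyEnforced(T)(T[] dest, T[] src) @trusted
{
    enforce(src.length == dest.length, "length mismatch");
    memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
}

void main() @safe
{
    auto src = [1, 2, 3, 4];        // constructed sample data
    auto dest = new int[4];

    copyAsserted(dest, src);        // equal lengths: fine in any build
    enforce(dest == src, "copy failed");

    auto shortDest = new int[2];    // deliberately shorter than src
    bool rejected = false;
    try
    {
        copyEnforced(shortDest, src);
    }
    catch (Exception)
    {
        rejected = true;
    }
    writeln("enforce rejected the mismatch: ", rejected);

    // version(assert) is predefined only when asserts are compiled in.
    version (assert)
        writeln("asserts on: copyAsserted halts on a mismatch");
    else
        writeln("asserts off (-release): copyAsserted does no length check");
}
```

Building once with plain dmd and once with dmd -release changes only the last line of output.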