Overflows in Phobos
Timon Gehr via Digitalmars-d
digitalmars-d at puremagic.com
Tue Jul 26 07:28:48 PDT 2016
On 26.07.2016 00:17, Walter Bright wrote:
> In poking around in Phobos, I found a number of cases like:
>
> https://github.com/dlang/phobos/pull/4655
>
> where overflow is possible in calculating storage sizes. Since
> allocation normally happens in @trusted code, these are a
> safety/security hole.
> ...
According to the language documentation, the patch does not fix the problem.
https://dlang.org/spec/expression.html#AssertExpression
"The expression assert(0) is a special case; it signifies that it is
unreachable code. [...] The optimization and code generation phases of
compilation may assume that it is unreachable code."
One way the optimizer can use the assumption is for optimizing away the
overflow check.
Your patch is just telling the optimizer that there is actually no
security hole, even when that is not true. It is a bad idea to conflate
assert and assume.
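As an added illustration, not code from the thread or from the Phobos pull request, here is a storage-size calculation written the way the reply warns against, beside one that reports the overflow through a real failure path. The function names and the "count times element size" shape are assumptions for the example; `mulu` is the checked multiplication from druntime's `core.checkedint`.

```d
import core.checkedint : mulu;

// Hypothetical "before": the product can wrap around, and the only check
// is an assert. Under -release the assert is removed, and an assert(0) on
// the failure branch tells the optimizer that branch is unreachable, so the
// check itself may be optimized away.
size_t elementBytesUnchecked(size_t count, size_t elemSize)
{
    size_t bytes = count * elemSize;          // silent wrap-around on overflow
    if (elemSize != 0 && bytes / elemSize != count)
        assert(0, "size computation overflowed");
    return bytes;
}

// Corrected form: detect the wrap with checked arithmetic and fail through a
// path that survives optimization, instead of an assumption of unreachability.
size_t elementBytesChecked(size_t count, size_t elemSize)
{
    bool overflow = false;
    size_t bytes = mulu(count, elemSize, overflow);
    if (overflow)
        throw new Exception("size computation overflowed");
    return bytes;
}

unittest
{
    assert(elementBytesChecked(3, 8) == 24);

    bool threw = false;
    try elementBytesChecked(size_t.max, 2);
    catch (Exception e) threw = true;
    assert(threw);
}
```

Compile with `dmd -unittest -main -run file.d`; the unchecked variant is kept only to show the pattern being criticized and is not exercised by the unittest.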