Bad array indexing is considered deadly

Timon Gehr via Digitalmars-d digitalmars-d at puremagic.com
Thu Jun 1 11:54:51 PDT 2017


On 01.06.2017 14:25, Paolo Invernizzi wrote:
> 
>> I can detail exactly what happened in my code -- I am accepting dates 
>> from a given week from a web request. One of the dates fell outside 
>> the week, and so tried to access a 7 element array with index 9. 
>> Nothing corrupted memory, but the runtime corrupted my entire process, 
>> forcing a shutdown.
> 
> And that's a good thing! The input should be validated, especially 
> because we are talking about a web request.
> 
> See it like being kind with the other side of the connection, informing 
> it with a clear "rejected as the date is invalid".
> 
> :-)

You seem to not understand what happened. There was a single server 
serving multiple different web pages. There was an out-of-bounds error 
due to a single user inserting invalid data into a single form with 
missing data validation. The web server went down, killing all pages for 
all users.

There is no question that input data should be validated, but if it 
isn't, the response should be proportional. It's enough to kill the 
request, log the exception, notify the developer, and maybe even 
disable the specific web page.
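As an added illustration of the two responses the post contrasts (this is example code written for this page, not code from the thread or from the poster's server): a hypothetical `recordHit` handler that validates the weekday index at the request boundary and answers with a clear rejection, beside an unchecked variant whose out-of-bounds access trips D's bounds check. The array, handler and `dispatch` names are assumptions for the example; the caveat in the comments is that D classifies a failed bounds check as an `Error`, which the language treats as unrecoverable, so the only fully defensible fix is the validation, not the catch.

```d
import std.stdio : writeln;
import core.exception : RangeError;

// Hypothetical per-weekday counter: 7 slots, one per day of the week.
int[7] hitsPerWeekday;

struct Response
{
    int status;
    string text;
}

// Hardened handler: the index comes from the web request, so it is checked
// before it ever touches the array. A bad date costs one request, not the
// process, and the client gets a clear reason.
Response recordHit(long weekday)
{
    if (weekday < 0 || weekday >= cast(long) hitsPerWeekday.length)
        return Response(400, "rejected as the date is invalid");
    hitsPerWeekday[cast(size_t) weekday]++;
    return Response(200, "ok");
}

// Missing-validation handler: with bounds checking enabled, an index of 9
// into a 7-element array throws core.exception.RangeError at runtime.
Response recordHitUnchecked(long weekday)
{
    hitsPerWeekday[cast(size_t) weekday]++;
    return Response(200, "ok");
}

// Per-request isolation layer (assumed here; a real server's dispatcher
// would live in the framework). Exceptions are handled the ordinary way.
// Catching RangeError is legal syntax, but RangeError is an Error, not an
// Exception: the language treats it as unrecoverable and does not promise
// that scope guards and destructors ran during unwinding. Treat this catch
// as a last line of defence that buys time to log and fix the missing
// validation, not as a substitute for it.
Response dispatch(Response delegate() handler)
{
    try
    {
        return handler();
    }
    catch (Exception e)
    {
        writeln("request failed: ", e.msg);
        return Response(500, "internal error");
    }
    catch (RangeError e)
    {
        writeln("bounds check failed, request dropped: ", e.msg);
        return Response(500, "internal error");
    }
}

void main()
{
    // Validated path: the bad index is rejected without touching the array.
    auto r1 = dispatch(() => recordHit(9));
    writeln(r1.status, " ", r1.text);

    // Unvalidated path: the RangeError is confined to this request.
    auto r2 = dispatch(() => recordHitUnchecked(9));
    writeln(r2.status, " ", r2.text);

    // Valid input works on both paths.
    auto r3 = dispatch(() => recordHit(3));
    writeln(r3.status, " ", r3.text);
}
```

Build with bounds checking on (the default for a non-`-release` build, or `-boundscheck=on`); compiling with `-release` or `-boundscheck=off` removes the check in the unchecked handler entirely, and the out-of-range write then silently corrupts whatever follows the array, which is the worse of the two outcomes.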

