WhatsApp BO critical security vulnerability

Walter Bright newshound2 at digitalmars.com
Thu May 16 16:17:45 UTC 2019


On 5/15/2019 6:19 PM, Exil wrote:
> Wouldn't be surprised if it had something to do with 
> data received over the network. I always see people write code with assumptions 
> that the data will be valid. A good assumption would be that it can't be trusted.

Using asserts and relying on array bounds checking to check the validity of 
incoming data is incorrect.

Asserts and bounds checking are for detecting bugs in the program's logic.

Scrubbing input data for correctness is normal program behavior, and should 
never be disabled.
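
The distinction drawn in the message above, as an added example in D that is not part of the original post: the same record parsed once with an assert standing in for validation and once with explicit checks. The record layout (one length byte followed by the payload) and all function names are assumptions made for the illustration.

```d
// Added illustration, not from the original post. Assumed record layout:
// one length byte followed by that many payload bytes.
import std.stdio : writeln;

struct ParseResult
{
    bool ok;
    const(ubyte)[] payload;
    string error;
}

// The pattern the post calls incorrect: only an assert and the slice bounds
// check stand between a bad length byte and the read, and a build may omit
// both (dmd: -release, -boundscheck=off).
const(ubyte)[] parseRecordWrong(const(ubyte)[] packet)
{
    assert(packet.length >= 1 && packet[0] <= packet.length - 1);
    return packet[1 .. 1 + packet[0]];
}

// Input scrubbing as normal program behavior: plain control flow that is
// present in every build and reports bad data instead of aborting.
ParseResult parseRecord(const(ubyte)[] packet)
{
    if (packet.length < 1)
        return ParseResult(false, null, "empty packet");
    immutable size_t declared = packet[0];
    if (declared > packet.length - 1)
        return ParseResult(false, null, "declared length exceeds data received");
    auto payload = packet[1 .. 1 + declared];
    // Logic check: if this fires, parseRecord has a bug; the input was
    // already validated above, so compiling it out changes nothing.
    assert(payload.length == declared);
    return ParseResult(true, payload, null);
}

void main()
{
    // Constructed sample packets.
    ubyte[] good = [3, 0x61, 0x62, 0x63];
    ubyte[] lying = [200, 0x61, 0x62, 0x63]; // claims 200 bytes, carries 3
    ubyte[] empty = [];
    foreach (pkt; [good, lying, empty])
    {
        auto r = parseRecord(pkt);
        writeln(r.ok ? "accepted" : "rejected: " ~ r.error);
    }
}
```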

