WhatsApp BO critical security vulnerability

H. S. Teoh hsteoh at quickfur.ath.cx
Thu May 16 16:57:12 UTC 2019


On Thu, May 16, 2019 at 01:19:41AM +0000, Exil via Digitalmars-d wrote:
> On Wednesday, 15 May 2019 at 22:45:44 UTC, Adam D. Ruppe wrote:
> > On Wednesday, 15 May 2019 at 22:42:34 UTC, H. S. Teoh wrote:
> > > Given the frequency and severity of buffer overflow and other
> > > memory-related bugs, people need a serious wakeup call to migrate
> > > away from languages that do not enforce bounds checking...
[...]
> > And this is why I *never* use dmd's -release or -boundscheck
> > switches.  Just not worth the risk of taking out those checks.
> 
> Depends on what you are doing, I always have those switches turned on,
> it's not worth the performance hit.
[...]

Are you using dmd or ldc? 'cos if you're concerned about performance,
you should be using ldc -O3 instead of dmd.  I regularly get 20-30%
speedups just by compiling with ldc instead of dmd, sometimes as much as
40%.  Compiling with -release -boundscheck on dmd just because of
performance is straining out the gnat but swallowing the camel.

And did you profile before using -release? Unless you're doing a lot of
array manipulations inside inner loops, I doubt bounds checks are the
source of your performance issues. If they are, your best bet is to put
that code in its own module and compile only that module with -release
-boundscheck. It's just not worth the security risk to disable bounds
checking in non-bottleneck code.


T

-- 
Those who don't understand Unix are condemned to reinvent it, poorly.
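
The per-module advice in the message above, as an added sketch that is not code from the thread: a POSIX shell helper that gives only an allowlisted bottleneck module `-release -boundscheck=off`, and reports any other module in a build plan that is compiled without its checks. The module paths and the `obj/` layout are hypothetical; `-boundscheck=off` is the full spelling of the switch the post abbreviates.

```shell
#!/bin/sh
# Added example: per-module flag selection for a D build (constructed paths).
# Only modules a profiler identified as bottlenecks go on this allowlist.
HOT_MODULES="source/kernels/convolve.d"   # hypothetical, space-separated

# Succeeds if the given source file is on the allowlist.
is_hot() {
    case " $HOT_MODULES " in *" $1 "*) return 0 ;; esac
    return 1
}

# Print the compiler flags for one source file: checks stay on by default.
flags_for() {
    if is_hot "$1"; then
        echo "-O -release -boundscheck=off"
    else
        echo "-O"
    fi
}

# Print the compile command for one source file (DC selects dmd or ldc2).
compile_cmd() {
    obj="obj/$(echo "${1%.d}" | tr / _).o"
    echo "${DC:-dmd} -c $(flags_for "$1") -of=$obj $1"
}

# Print one compile command per source file given as an argument.
build_plan() {
    for src in "$@"; do compile_cmd "$src"; done
}

# Read compile commands on stdin; print each source that is built with
# checks removed but is not allowlisted. Returns 1 if any were found.
audit_plan() {
    bad=0
    while read -r line; do
        case " $line " in
            *" -release "*|*" -boundscheck=off "*) ;;
            *) continue ;;
        esac
        src=${line##* }
        if ! is_hot "$src"; then echo "$src"; bad=1; fi
    done
    return $bad
}

if [ "$#" -gt 0 ]; then build_plan "$@"; fi
```

Piping a real build log through `audit_plan` in CI catches a module that quietly picked up `-release` without being added to the allowlist.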

