Kernel buffer overflow exposes iPhone 11 Pro to radio based attacks

Walter Bright newshound2 at digitalmars.com
Fri Dec 4 07:10:51 UTC 2020


On 12/2/2020 9:52 AM, H. S. Teoh wrote:
> It seems like a minor detail, but it makes a huge difference when the
> length of the array is always kept together with the pointer to the
> array contents, and is supported by the language.  I work with C code
> daily, and I cannot tell you how many times I've seen absolutely
> terrifying code that simply passes a bare pointer around willy-nilly,
> making implicit assumptions about array size that, almost inevitably,
> some user code somewhere violates.  Or the number of times I've fixed
> bugs involving checking the wrong size against the wrong pointer,
> because when you have to manually pass them around, it's easy to make
> mistakes.

I wrote C every day for 15 years before I was able to reliably write complex 
code that didn't have buffer overflows and other pointer bugs. The conversion of 
DMD from C to D did not uncover a single pointer bug, which I'm rather proud of. 
But with D, there's no longer a need to train 15 years to write reliable code.


> The worst is C strings.  The number of bugs I've caught involving
> (potentially) unterminated strings is absolutely scary.

I've talked many times about how, whenever I review C code, I'll look at the use of 
string functions first and will nearly always find a bug.


> D made a bunch of seemingly-minor, but actually game-changing decisions
> that eliminate 95% of the above-mentioned problems.  The single biggest
> one is probably the D array aka fat pointer, as far as memory bugs are
> concerned.  There are a bunch of others, which others have mentioned.
> The general design in D is to make the simplest, most naïve code
> memory-safe, and you have to work at it if you want to bypass that
> safety net for systems programming reasons.  Which means you'll be
> thinking harder about your code, and hopefully more aware of potential
> issues and catch yourself before making slip-ups.  That's the way the
> incentives should be, not the other way round as it is in C.

I couldn't have said it better!

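An added illustration, not part of the thread, of the "length travels with the pointer" point: a C struct that binds a buffer's bound to its pointer the way a D slice does, so the copy, sub-slice and C-string conversion are checked against the bound that came with the pointer rather than a separately passed length. The `slice` type and its functions are names chosen here, and the sample input is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fat pointer in the D sense: length travels with the pointer, so a callee is
   never handed a buffer without its bound and cannot pair the wrong length with it. */
typedef struct { char *ptr; size_t len; } slice;

static slice slice_of(char *buf, size_t len) {
    slice s = { buf, len };
    return s;
}

/* Sub-slice [start, end): refuses to create a view past the end of the parent. */
static bool slice_sub(slice s, size_t start, size_t end, slice *out) {
    if (start > end || end > s.len) return false;
    out->ptr = s.ptr + start;
    out->len = end - start;
    return true;
}

/* Copy src into dst. The classic overflow site with bare pointers; here the
   destination bound is part of dst, so an oversized copy is refused (-1). */
static long slice_copy(slice dst, slice src) {
    if (src.len > dst.len) return -1;
    memmove(dst.ptr, src.ptr, src.len);
    return (long)src.len;
}

/* NUL-terminated C string from a slice: always terminated, truncated to fit,
   so it is safe to hand to str* functions. Returns bytes copied. */
static size_t slice_to_cstr(slice s, char *out, size_t out_len) {
    if (out_len == 0) return 0;
    size_t n = s.len < out_len - 1 ? s.len : out_len - 1;
    memcpy(out, s.ptr, n);
    out[n] = '\0';
    return n;
}

int main(void) {
    char dst_buf[8], src_buf[] = "0123456789"; /* constructed: 10 bytes into an 8-byte buffer */
    slice dst = slice_of(dst_buf, sizeof dst_buf), src = slice_of(src_buf, strlen(src_buf)), head;
    printf("whole copy: %ld (refused)\n", slice_copy(dst, src));
    if (slice_sub(src, 0, dst.len, &head))
        printf("copied %ld bytes\n", slice_copy(dst, head));
    return 0;
}
```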
