Modern C++ Won't Save Us

Steven Schveighoffer schveiguy at gmail.com
Mon Apr 26 16:20:01 UTC 2021


On 4/26/21 7:44 AM, Dominikus Dittes Scherkl wrote:
> On Monday, 26 April 2021 at 07:21:38 UTC, Petar Kirov [ZombineDev] wrote:
>> On Monday, 26 April 2021 at 01:28:35 UTC, Walter Bright wrote:
>>> https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/
>>>
>>> Lists some perfectly reasonable code in Modern C++ style that has 
>>> hidden memory safety bugs.
>>
>> Unfortunately, Phobos got bitten by exactly the same use-after-free 
>> bug as the article showcases:
>>
>> https://github.com/dlang/phobos/pull/7988/commits/08927149ccbb3a20fb7e97687065fe66a33e2cb8 
>>
> 
> Yeah. And where did it get bitten?
> In its f***ing C interface.
> 
> Null-terminated strings are a piece from hell that should be banned, not 
> proliferated!

Null-terminated strings have nothing to do with it. The issue is not the 
null termination, but the use after free (change this to a temporary D 
array, and it will still have the same problem).

How do we fix it? tempCString is a horrifically unsafe construct. You 
can extract a pointer out of it without even trying, and now you have a 
reference that will easily outlive the thing it refers to.

The idea here is, tempCString must be stored, it can never be a 
temporary inside the expression. How do you express that in code? I'd 
start AT LEAST by removing the alias this, so at least it's not so 
trivial to violate safety.

I also can't see any marking of @system for anything; IMO, @system 
should be all over this type to avoid it accidentally compiling in @safe code.

-Steve
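The hazard discussed in this thread, as an added example that is not Phobos code and not Steve's: a minimal stand-in for tempCString whose `alias this` hands out the raw pointer, so a temporary can leak a dangling pointer into the enclosing expression, placed beside a hardened variant that drops the `alias this` and marks pointer extraction `@system`. The names `UnsafeTempCString`, `TempCString` and `safeCaller` are assumptions for the illustration, and the heap buffer is a simplification of the real implementation.

```d
// Constructed example: models the tempCString use-after-free, not Phobos code.
import core.stdc.stdlib : free, malloc;
import core.stdc.string : memcpy, strlen;
import std.stdio : writeln;

// Stand-in for the hazardous design: the alias this makes the conversion
// to const(char)* implicit, so a temporary silently yields a pointer that
// outlives the buffer it points into.
struct UnsafeTempCString
{
    private char* buf;

    this(const(char)[] s)
    {
        buf = cast(char*) malloc(s.length + 1);
        memcpy(buf, s.ptr, s.length);
        buf[s.length] = '\0';
    }

    ~this() { free(buf); }
    @disable this(this); // no copies, so there is exactly one owner of buf

    const(char)* ptr() const { return buf; }
    alias ptr this; // the line that makes the bug a one-liner for callers
}

// Hardened stand-in: no alias this, and extracting the pointer is @system,
// so @safe code cannot obtain it by accident.
struct TempCString
{
    private char* buf;

    this(const(char)[] s) @trusted
    {
        buf = cast(char*) malloc(s.length + 1);
        memcpy(buf, s.ptr, s.length);
        buf[s.length] = '\0';
    }

    ~this() @trusted { free(buf); }
    @disable this(this);

    // Contract: the TempCString must stay alive for every use of the result.
    const(char)* ptr() const @system { return buf; }
}

void safeCaller() @safe
{
    auto tmp = TempCString("hello");
    // const(char)* p = tmp.ptr; // rejected by the compiler: @system call in @safe code
}

void main()
{
    // BUG: the UnsafeTempCString temporary is destroyed at the end of this
    // statement, so `dangling` points at freed memory. Dereferencing it
    // afterwards is the use after free from the Phobos pull request.
    const(char)* dangling = UnsafeTempCString("hello");
    writeln("dangling pointer obtained without a single cast");

    // Correct use of the hardened type: the buffer is a named local that
    // outlives every use of the pointer, and the extraction is explicit.
    auto tmp = TempCString("hello");
    const(char)* ok = tmp.ptr;
    writeln("strlen = ", strlen(ok)); // 5, buffer still alive here
}
```

The point of the comparison is that with `alias this` the dangerous form compiles with no visible warning sign, while the hardened type forces the caller to name the buffer, and in `@safe` code forces them to write `@trusted` to get the pointer at all, which is where a reviewer's attention then lands.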
