[OffTopic] A vulnerability postmortem on Network Security Services

Nick Treleaven nick at geany.org
Fri Dec 10 11:54:13 UTC 2021

On Wednesday, 8 December 2021 at 18:14:36 UTC, Timon Gehr wrote:
> This is a pretty obvious safety hole:
> ```d
> void main()@safe{
>     struct S{
>         pragma(mangle,"foo"):
>         static extern(C) void foo(int){
>             import core.stdc.stdlib;
>             free(cast(void*)0xDEADBEEF);
>         }
>         static extern(C) void foo()@safe;
>     }
>     S.foo();
> }
> ```
> There is no @trusted code in that snippet and it frees an 
> invented pointer.

It seems pragma(mangle) should require that the function it 
applies to is not @safe. But even without pragma(mangle), foo can 
be made a free function with the same problem.

Forbidding @safe on a function prototype would fix that, 
requiring @trusted instead. Enforcing that is necessary anyway 
for when the function body is not available to be mechanically 
checked for memory safety.

More information about the Digitalmars-d mailing list