[OffTopic] A vulnerability postmortem on Network Security Services
Nick Treleaven
nick at geany.org
Fri Dec 10 11:54:13 UTC 2021
On Wednesday, 8 December 2021 at 18:14:36 UTC, Timon Gehr wrote:
> This is a pretty obvious safety hole:
>
> ```d
> void main()@safe{
>     struct S{
>         pragma(mangle,"foo"):
>         static extern(C) void foo(int){
>             import core.stdc.stdlib;
>             free(cast(void*)0xDEADBEEF);
>         }
>         static extern(C) void foo()@safe;
>     }
>     S.foo();
> }
> ```
>
> There is no @trusted code in that snippet and it frees an
> invented pointer.
It seems pragma(mangle) should require that the function it
applies to is not @safe. But even without pragma(mangle), foo can
be made a free function with the same problem.
Forbidding @safe on a function prototype would fix that,
requiring @trusted instead. Enforcing that is necessary anyway
for when the function body is not available to be mechanically
checked for memory safety.
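The free-function variant mentioned above, written out as an added example (not code from either post). It assumes two module names, cimpl and user, and that the compiler accepts the two extern(C) declarations as the thread describes; whether a current compiler still diagnoses the conflict is not something the thread establishes. The second prototype shows the proposed rule applied: a bodiless declaration carries @trusted, which is a human audit mark, rather than @safe, which claims a mechanical check that never happened.

```d
// ---- cimpl.d : the definition, compiled as its own module ----
module cimpl;

import core.stdc.stdlib : free;

// extern(C) mangles to the bare name "foo": the parameter list is not part
// of the symbol, so neither the compiler nor the linker can cross-check it
// against a declaration seen in another module.
extern(C) void foo(int handle)
{
    // Deliberately unsafe body (constructed for the example): treats an
    // integer as a heap pointer and frees it.
    free(cast(void*) cast(size_t) handle);
}

// ---- user.d : a @safe caller that only ever sees a prototype ----
module user;

// The hole: a prototype with no body may be marked @safe, so the compiler
// takes the signature on faith. It links to cimpl.foo because both mangle
// to "foo", even though the parameter lists differ.
extern(C) void foo() @safe;

// What the reply proposes instead: with no body to check, the declaration
// must be audited by a human and marked @trusted, never @safe.
// (Hypothetical name; it stands for the same symbol after the fix.)
extern(C) void fooAudited() @trusted;

void main() @safe
{
    // No @trusted code anywhere in this module, yet at runtime this calls
    // foo(int) with whatever happens to sit in the argument register and
    // passes it to free(): undefined behaviour reached from @safe code.
    foo();
}

// Build (assumed invocation): dmd cimpl.d user.d
```

The design point is that @safe is only sound when every callee was either mechanically checked or explicitly vouched for; a prototype has no body, so the only honest attribute for it is @trusted, and the D-to-C boundary is exactly where that audit belongs.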