malloc and buffer overflow attacks

claptrap clap at
Fri Dec 31 08:46:59 UTC 2021

On Friday, 31 December 2021 at 00:13:56 UTC, Walter Bright wrote:
> While D offers buffer overflow detection, it does not protect 
> against buffer overflows resulting from an array size 
> calculation overflow:
>     T* p = cast(T*)malloc(len * T.sizeof);
> What if `len*T.sizeof` overflows? malloc() will succeed, but 
> the result will be too small for the data.
> I decided to grep dmd for such allocations:
> and fix them with overflow checks. I recommend everyone check 
> their own projects and eliminate such vulnerabilities.
> I post this as I've recently seen reports on malware injection 
> being enabled by presenting specially crafted input data to a 
> program that causes an overflow on the allocation, then 
> overwrites the data beyond the truncated allocated memory.

are the asserts not taken out in release mode?

More information about the Digitalmars-d mailing list