malloc and buffer overflow attacks
nick at geany.org
Fri Dec 31 17:57:51 UTC 2021
On Friday, 31 December 2021 at 13:52:26 UTC, Paul Backus wrote:
> For projects using Phobos, an easy way to avoid this is to use
> [`Mallocator`] and [`makeArray`] from the
> `std.experimental.allocator` package.
> T[] array = Mallocator.instance.makeArray!T(len);
> `makeArray` will perform an overflow check internally and
> return `null` if the check fails.
This. D code should not keep calling C malloc when we can do
better. It's unfortunate that the import and the call above are
quite awkward to remember and type. It's a shame
core.memory.pureMalloc repeats this vulnerable design. Perhaps
add an overload for ease of use?
T array = pureMalloc!T(len);
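
The overflow check discussed in this thread, as an added example that is not part of the original posts and not druntime or Phobos code. `naiveBytes`, `checkedMalloc` and `Pixel` are hypothetical names, and the length is constructed so that `len * T.sizeof` wraps around to 16 bytes.

```d
import core.checkedint : mulu;
import core.stdc.stdlib : free, malloc;
import std.experimental.allocator : makeArray;
import std.experimental.allocator.mallocator : Mallocator;

// Byte count as the unchecked pattern malloc(len * T.sizeof) computes it.
size_t naiveBytes(T)(size_t len)
{
    return len * T.sizeof; // wraps silently modulo 2^(size_t bits)
}

// Hypothetical helper, not a druntime or Phobos API: returns null when
// len * T.sizeof overflows size_t or malloc fails. Memory is uninitialized.
T[] checkedMalloc(T)(size_t len)
{
    bool overflow;
    const nbytes = mulu(len, T.sizeof, overflow);
    if (overflow || nbytes == 0)
        return null;
    auto p = cast(T*) malloc(nbytes);
    return p is null ? null : p[0 .. len];
}

struct Pixel { uint r, g, b, a; } // constructed 16-byte element type

void main()
{
    // Constructed length: the product is 16 bytes past a multiple of 2^64
    // (2^32 on 32-bit targets), so the unchecked request is only 16 bytes.
    const size_t hostile = size_t.max / Pixel.sizeof + 2;
    assert(naiveBytes!Pixel(hostile) == 16);

    // Both checked paths refuse instead of returning an undersized block.
    assert(checkedMalloc!Pixel(hostile) is null);
    assert(Mallocator.instance.makeArray!Pixel(hostile) is null);

    // An ordinary length still succeeds; the slice carries its own bounds.
    auto ok = checkedMalloc!Pixel(4);
    assert(ok !is null && ok.length == 4);
    free(ok.ptr);
}
```

Build without `-release` so the `assert` checks stay active.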