malloc and buffer overflow attacks
Nick Treleaven
nick at geany.org
Fri Dec 31 17:57:51 UTC 2021
On Friday, 31 December 2021 at 13:52:26 UTC, Paul Backus wrote:
> For projects using Phobos, an easy way to avoid this is to use
> [`Mallocator`][1] and [`makeArray`][2] from the
> `std.experimental.allocator` package.
>
> T[] array = Mallocator.instance.makeArray!T(len);
>
> `makeArray` will perform an overflow check internally and
> return `null` if the check fails.

This. D code should not keep calling C malloc when we can do
better. It's unfortunate that the import and the call above are
quite awkward to remember and type. It's a shame
core.memory.pureMalloc repeats this vulnerable design. Perhaps
add an overload for ease of use?
```d
import core.memory;
T[] array = pureMalloc!T(len);
```
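
An added example, not part of the original post or of druntime: one way a typed, overflow-checked wrapper over `pureMalloc` could look, with a demonstration of the size wraparound it guards against. The names `mallocArray` and `Big` are hypothetical, and the oversized length is a constructed input.

```d
import core.checkedint : mulu;
import core.memory : pureFree, pureMalloc;

/// Hypothetical helper (assumption, not a druntime API): allocate
/// uninitialized room for `len` values of T. Returns null when
/// `len * T.sizeof` does not fit in size_t, when len is 0, or when
/// the underlying malloc fails.
T[] mallocArray(T)(size_t len)
{
    bool overflow;
    // mulu sets `overflow` instead of silently wrapping.
    const size_t bytes = mulu(len, T.sizeof, overflow);
    if (overflow || bytes == 0)
        return null;
    auto p = cast(T*) pureMalloc(bytes);
    // The slice length always matches the number of bytes obtained.
    return p is null ? null : p[0 .. len];
}

void main()
{
    import core.stdc.stdio : printf;

    static struct Big { ubyte[4096] data; }

    // Constructed length: large enough that len * Big.sizeof wraps.
    const size_t len = size_t.max / Big.sizeof + 2;

    // The unchecked C-style computation wraps to a small byte count,
    // so malloc(len * Big.sizeof) would succeed with far too little
    // memory for `len` elements.
    const size_t wrapped = len * Big.sizeof;
    printf("requested elements: %zu\n", len);
    printf("unchecked byte count after wraparound: %zu\n", wrapped);
    assert(wrapped < Big.sizeof * 2);

    // The checked wrapper refuses the request.
    assert(mallocArray!Big(len) is null);

    // A reasonable request still works.
    auto ok = mallocArray!int(16);
    assert(ok !is null && ok.length == 16);
    pureFree(ok.ptr);
}
```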