Typical security issues in C++: why the GC isn't your enemy
Iain Buclaw
ibuclaw at gdcproject.org
Tue Dec 6 18:24:36 UTC 2022
On Monday, 5 December 2022 at 23:58:58 UTC, Timon Gehr wrote:
> On 12/5/22 20:57, H. S. Teoh wrote:
>> Similarly, D's initialized-by-default variables are often
>> touted as a
>> big thing, but overall issues with uninitialized variables only
>> constitute about 1% of the total issues.
>
> Default initialization does not even fix all initialization
> issues, it just makes them reproducible. Anyway, I think
> neither default initialization nor uninitialized variables are
> the right solution, but you kind of have to do it this way
> given how scoping works in C++ and in D.
I wouldn't see lack of default initialization as a source of
bugs, rather an attack vector. It isn't a concern that there are
uninitialized data pointing to garbage causing your program to do
something wild/unexpected. The concern is when it might point to
useful information.
More information about the Digitalmars-d
mailing list