Typical security issues in C++: why the GC isn't your enemy
Timon Gehr
timon.gehr at gmx.ch
Tue Dec 6 23:34:28 UTC 2022
On 12/6/22 19:24, Iain Buclaw wrote:
> On Monday, 5 December 2022 at 23:58:58 UTC, Timon Gehr wrote:
>> On 12/5/22 20:57, H. S. Teoh wrote:
>>> Similarly, D's initialized-by-default variables are often touted as a
>>> big thing, but overall issues with uninitialized variables only
>>> constitute about 1% of the total issues.
>>
>> Default initialization does not even fix all initialization issues, it
>> just makes them reproducible. Anyway, I think neither default
>> initialization nor uninitialized variables are the right solution, but
>> you kind of have to do it this way given how scoping works in C++ and
>> in D.
>
> I wouldn't see lack of default initialization as a source of bugs,
> rather an attack vector. It isn't a concern that there are
> uninitialized data pointing to garbage causing your program to do
> something wild/unexpected. The concern is when it might point to useful
> information.
True, that's a concern (default initialization does fix _some_ issues
around initialization).
More information about the Digitalmars-d
mailing list