Typical security issues in C++: why the GC isn't your enemy
Walter Bright
newshound2 at digitalmars.com
Fri Dec 9 03:40:56 UTC 2022
On 12/8/2022 7:07 PM, Siarhei Siamashka wrote:
> Now imagine some users in a C++ forum discussing the list of security issues in
> some large D application. Just like H. S. Teoh in the first message of this
> thread, somebody in this C++ forum could come up with the following statement:
> *"Bounds checking is also sometimes brought up as something important; but at
> least according to the above categorization it only accounts for X% of issues.
> So not as big a deal as some may have made it sound."* ;-)
Bounds checking is always done, so is not dependent on test coverage to find the
bounds check bugs.
But I do agree that an option to insert arithmetic overflow checking would be a
good thing.
What's also a good thing is an ability to mark certain calculations as "always
check for overflow". You can see that in the D compiler source code in various
places.
More information about the Digitalmars-d
mailing list