malloc and buffer overflow attacks

forkit forkit at
Sun Jan 2 10:49:56 UTC 2022

On Friday, 31 December 2021 at 00:13:56 UTC, Walter Bright wrote:
> While D offers buffer overflow detection, it does not protect 
> against buffer overflows resulting from an array size 
> calculation overflow:
>     T* p = cast(T*)malloc(len * T.sizeof);
> What if `len*T.sizeof` overflows? malloc() will succeed, but 
> the result will be too small for the data.

but the idea that code is only as safe as the functions it calls, 
is not a new idea...right?

More information about the Digitalmars-d mailing list