malloc and buffer overflow attacks
forkit
forkit at gmail.com
Sun Jan 2 10:49:56 UTC 2022
On Friday, 31 December 2021 at 00:13:56 UTC, Walter Bright wrote:
> While D offers buffer overflow detection, it does not protect
> against buffer overflows resulting from an array size
> calculation overflow:
>
> T* p = cast(T*)malloc(len * T.sizeof);
>
> What if `len*T.sizeof` overflows? malloc() will succeed, but
> the result will be too small for the data.
>
but the idea that code is only as safe as the functions it calls,
is not a new idea...right?
More information about the Digitalmars-d
mailing list