About Format String Attack for D's *writef*()
Anders F Björklund
afb at algonet.se
Thu Oct 5 05:36:17 PDT 2006
is91042 wrote:
> Consider the following code.
>
> char[] user_name;
> writefln("Please Input your name: ");
> din.readf("%s", &user_name);
> writefln("Your name is ", user_name, ". And my name is Peter.");

BTW; "din" does not work in GDC on the Mac:
(i.e. std.stream.readf doesn't, actually...)

Please Input your name:
Anders
Your name is . And my name is Peter.

This is because there is no portable D standard
for how "typeid comparison" is supposed to work?
In DMD, one typeid === another. In GDC, only ==.
(meaning that "arguments[j] is typeid()" breaks)
And I think that readf should go in std.stdio...
(along with freadf, and also std.string.unformat)
http://www.digitalmars.com/d/archives/digitalmars/D/11021.html
--anders