A serious security bug... caused by no bounds checking.
Tommi
tommitissari at hotmail.com
Fri Apr 11 07:10:20 PDT 2014
On Friday, 11 April 2014 at 13:44:09 UTC, Steven Schveighoffer
wrote:
> On Fri, 11 Apr 2014 09:35:12 -0400, Tommi
> <tommitissari at hotmail.com> wrote:
>
>> On Friday, 11 April 2014 at 13:13:22 UTC, Steven Schveighoffer
>> wrote:
>>> [..]
>>> 6. D @safe is labeled a "joke"
>>
>> More likely:
>> 6. This company's programming department is labeled a "joke".
>
> Perhaps, but it doesn't change the idea that @safe code had
> memory bugs. What we are saying with @safe is that you CAN'T
> have memory bugs, no matter how incompetent your programmers
> are.
You can't guarantee @safe to be memory-safe in the general case
without disallowing calls to @trusted, because those incompetent
programmers can write buggy @trusted functions and call them from
@safe code.
>>> There should be a way to say, "I still want all the @safety
>>> checks, except for this one critical array access, I have
>>> manually guaranteed the bounds". We don't have anything like
>>> that.
>>
>> We have array.ptr[idx]
>
> Not allowed in @safe code.
// @trusted: the compiler performs no bounds check here; the caller
// must have manually guaranteed that idx < array.length.
@trusted ref T unsafeIndex(T)(T[] array, ulong idx)
{
    return array.ptr[idx];
}
There you go.
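An added example, not code from the thread, showing why the helper above is the trust boundary: a @safe caller compiles whether or not the promise holds, and a debug-only check (`checkedUnsafeIndex`, `sumSkippingBoundsCheck`, and `readPastEnd` are hypothetical names) keeps the unchecked fast path in -release builds while catching a bad caller in test builds.

```d
// unsafeIndex is the helper from the post; everything else is illustrative.
@trusted ref T unsafeIndex(T)(T[] array, ulong idx)
{
    // @trusted: the compiler does NOT check this; the author promises
    // idx is in bounds. A wrong promise is a memory bug inside @safe code.
    return array.ptr[idx];
}

// Same fast path, but the promise is checked in debug builds.
// `assert` is compiled out with -release, so release code keeps the
// unchecked access while debug/test builds catch an out-of-range idx.
@trusted ref T checkedUnsafeIndex(T)(T[] array, ulong idx)
{
    assert(idx < array.length, "checkedUnsafeIndex: index out of bounds");
    return array.ptr[idx];
}

@safe int sumSkippingBoundsCheck(int[] data)
{
    int total = 0;
    // The loop bound comes from data.length, so the promise holds here.
    foreach (i; 0 .. data.length)
        total += unsafeIndex(data, i);
    return total;
}

@safe int readPastEnd(int[] data)
{
    // Compiles under @safe because unsafeIndex is @trusted, yet reads one
    // element past the end: exactly the hazard discussed in the thread.
    // Deliberately never called below.
    return unsafeIndex(data, data.length);
}

void main()
{
    int[] data = [1, 2, 3, 4];              // constructed sample input
    assert(sumSkippingBoundsCheck(data) == 10);
    assert(checkedUnsafeIndex(data, 3) == 4);
    // checkedUnsafeIndex(data, data.length); // fails the assert in a debug build
}
```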