Yet another leak in the sinking ship of @safe
Jonathan M Davis via Digitalmars-d
digitalmars-d at puremagic.com
Thu Feb 18 11:55:09 PST 2016
On Thursday, 18 February 2016 at 19:28:16 UTC, Kagamin wrote:
> On Thursday, 18 February 2016 at 16:37:10 UTC, H. S. Teoh wrote:
>> (*ahem*std.socket*cough*) liberally sprinkle @trusted on every
>> function without regard to whether it's truly justified (e.g.,
>> see https://issues.dlang.org/show_bug.cgi?id=15672)
>
> How is bug 15672 related to std.socket? From quick glance at
> first thousand lines of std.socket I don't see functions
> incorrectly marked as trusted.
The problem with std.socket is that calls to stuff like recv
involve processing the data from void[], which is inherently
unsafe, but the D functions calling them (e.g. receive) are
marked as @trusted. It's conceptually similar to 15672 in that
recv is taking the void* that it's given (from the void[]) and
essentially converting it to ubyte* (or char*, since it's C),
which is more or less equivalent to casting the void[] to
ubyte[], which is what 15672 is about. However, even if 15672 is
fixed, it wouldn't affect std.socket any, because it's the fact
that a pointer to void[] is passed to a C function that converts
it to ubyte*/char* that's the problem, not that void[] is
converted to ubyte[] (since that never actually happens).
- Jonathan M Davis
More information about the Digitalmars-d
mailing list