The case for integer overflow checks?
Kagamin via Digitalmars-d
digitalmars-d at puremagic.com
Fri Sep 15 16:39:46 UTC 2017
On Friday, 15 September 2017 at 12:25:10 UTC, Guillaume Piolat
wrote:
> Well here I don't think so: this attack is used to adress a
> very large space, while having a very small actually allocated
> memory space. Bounds would be too large to matter.
As long as it works in bounds it should be more or less ok.
> That would be calloc.
I mean allocator that returns bound checked array. And you can
call calloc incorrectly too.
> The point is that it's easy to make the vulnerability
> disappear, once you know about such things and traps.
It's not because nobody knows about buffer overflows. C leaves
the task on the programmer, and the task is too huge for manual
labor without help from the language, ecosystem and coding
practices, of course nobody does it.
More information about the Digitalmars-d
mailing list