The case for integer overflow checks?

Kagamin via Digitalmars-d digitalmars-d at puremagic.com
Fri Sep 15 16:39:46 UTC 2017


On Friday, 15 September 2017 at 12:25:10 UTC, Guillaume Piolat 
wrote:
> Well here I don't think so: this attack is used to address a 
> very large space, while having a very small actually allocated 
> memory space. Bounds would be too large to matter.

As long as it works in bounds it should be more or less ok.

> That would be calloc.

I mean an allocator that returns a bounds-checked array. And you can 
call calloc incorrectly too.

> The point is that it's easy to make the vulnerability 
> disappear, once you know about such things and traps.

It's not because nobody knows about buffer overflows. C leaves 
the task to the programmer, and the task is too huge for manual 
labor without help from the language, ecosystem and coding 
practices; of course nobody does it.
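
An added example, not part of the original post: a minimal C sketch of an allocator that rejects an element count whose byte size would wrap and returns the length together with the pointer, so that every store can be bounds checked. The names `checked_array`, `wrapped_size`, `checked_alloc` and `checked_store` are hypothetical, and the oversized count is a constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bounds-carrying array: the length travels with the pointer. */
typedef struct {
    uint32_t *ptr;
    size_t    len;                      /* element count actually allocated */
} checked_array;

/* Byte count a naive malloc(count * sizeof(uint32_t)) would request.
   Unsigned arithmetic wraps silently modulo SIZE_MAX + 1. */
static size_t wrapped_size(size_t count)
{
    return count * sizeof(uint32_t);
}

/* Allocate count elements; refuse requests whose byte size would wrap. */
static int checked_alloc(size_t count, checked_array *out)
{
    out->ptr = NULL;
    out->len = 0;
    if (count > SIZE_MAX / sizeof(uint32_t))
        return -1;                      /* count * sizeof would overflow */
    out->ptr = calloc(count ? count : 1, sizeof(uint32_t));
    if (out->ptr == NULL)
        return -1;
    out->len = count;
    return 0;
}

/* Every store is validated against the recorded length. */
static int checked_store(checked_array *a, size_t index, uint32_t value)
{
    if (index >= a->len)
        return -1;
    a->ptr[index] = value;
    return 0;
}

int main(void)
{
    checked_array a;
    size_t huge = SIZE_MAX / sizeof(uint32_t) + 2;   /* constructed input */
    printf("naive size for huge count: %zu bytes\n", wrapped_size(huge));
    printf("checked_alloc(huge): %d\n", checked_alloc(huge, &a));
    if (checked_alloc(8, &a) == 0) {
        printf("store at 7: %d, at 8: %d\n",
               checked_store(&a, 7, 1), checked_store(&a, 8, 1));
        free(a.ptr);
    }
    return 0;
}
```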

