[OffTopic] A vulnerability postmortem on Network Security Services

Tejas notrealemail at gmail.com
Thu Dec 2 16:44:42 UTC 2021


On Thursday, 2 December 2021 at 13:19:09 UTC, Steven 
Schveighoffer wrote:
> On 12/2/21 7:15 AM, Johan wrote:
>> On Thursday, 2 December 2021 at 11:01:07 UTC, Imperatorn wrote:
>>> On Thursday, 2 December 2021 at 08:09:18 UTC, Paulo Pinto 
>>> wrote:
>>>> [...]
>>>
>>> Bottom line:
>>> Use D instead of C 😎
>> 
>> Sorry to rain on the party here, but D is of course not at all 
>> immune to this problem.
>> It was not hard to find out-of-bounds memory access in the D 
>> compiler, using the fuzz techniques mentioned in the article.
>
> The D compiler is not @safe.
>
> Using D isn't enough, you need to use @safe D.
>
> Even that isn't enough, because most of the time people misuse 
> @trusted (because it's so easy to misuse).
>
> -Steve

Wish the `@safe` by default DIP had passed :(
Any hope of reviving it and merging into master??


More information about the Digitalmars-d mailing list