[Not really OT] Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language.
Dukc
ajieskola at gmail.com
Mon Jul 29 11:14:25 UTC 2024
Paolo Invernizzi wrote on 29.7.2024 at 12.48:
> Are you suggesting to advertise the library as memory safe, knowing it's
> not?
> Do you have an idea of the legal consequences a company can have in this
> case?
>
> What you are describing is a bug, a memory safety bug that must be for
> sure disclosed to customers, but closed. And thinking about it, the best
> way is to have a separate attribute to mark it in the code, instead of
> @trusted.
No. I mean (silly example but demonstrates the principle) that these are
wrong:
```D
extern(C) @trusted void free(void*);
/// Memory safe.
extern(C) @trusted void free(void*);
```
...but this is okay:
```D
/// Warning: Not actually memory safe! Review any @safe function
/// that uses this like it was a @trusted function and warn that it has
/// unsafe code inside
extern(C) @trusted void free(void*);
```
This pattern still can't be exactly recommended, but if for some strange
reason the function would be too impractical to mark as `@system`, it's
still an option.
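The effect of the two attributes on `@safe` callers, as an added example that is not part of the original post. The names `systemFree`, `trustedFree` and `useAfterFree` are hypothetical; both declarations are assumed to bind to the C `free` through `pragma(mangle)`.

```d
// Added example, not code from the post. systemFree, trustedFree and
// useAfterFree are hypothetical names; both declarations link to C free().

// Honest declaration: only @system or @trusted code may call it.
pragma(mangle, "free") extern(C) @system void systemFree(void*);

// The form the post calls wrong: the compiler takes its safety on faith.
pragma(mangle, "free") extern(C) @trusted void trustedFree(void*);

// A @safe caller is rejected when free() is declared @system...
static assert(!__traits(compiles, () @safe { systemFree(null); }));

// ...and accepted without any diagnostic when it is declared @trusted.
static assert( __traits(compiles, () @safe { trustedFree(null); }));

// Consequence: this function passes @safe checking although it reads
// memory that has already been released.
int useAfterFree(int* p) @safe
{
    trustedFree(p); // implicit int* -> void* conversion is allowed in @safe
    return *p;      // dangling read that the compiler cannot see
}

void main()
{
    // Nothing to execute: the static asserts above are the demonstration.
    // useAfterFree is deliberately never called, because running it would
    // be undefined behaviour.
}
```

A reviewer auditing `@safe` code therefore has to treat every call to such a declaration as if the caller itself were `@trusted`, which is what the warning comment in the post asks for.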