[Not really OT] Crowdstrike Analysis: It was a NULL pointer from the memory unsafe C++ language.
Paolo Invernizzi
paolo.invernizzi at gmail.com
Mon Jul 29 11:21:47 UTC 2024
On Monday, 29 July 2024 at 11:14:25 UTC, Dukc wrote:
> Paolo Invernizzi wrote on 29.7.2024 at 12.48:
>> Are you suggesting we advertise the library as memory safe,
>> knowing it's not?
>> Do you have an idea of the legal consequences a company can
>> face in this case?
>>
>> What you are describing is a bug, a memory safety bug that
>> must for sure be disclosed to customers, but closed. And
>> thinking about it, the best way is to have a separate
>> attribute to mark it in the code, instead of @trusted.
>
> No. I mean (silly example but demonstrates the principle) that
> these are wrong:
>
> ```D
> extern(C) @trusted void free(void*);
>
> /// Memory safe.
> extern(C) @trusted void free(void*);
> ```
>
> ...but this is okay:
>
> ```D
> /// Warning: Not actually memory safe! Review any @safe function
> /// that uses this like it was a @trusted function and warn
> /// that it has unsafe code inside
> extern(C) @trusted void free(void*);
> ```
>
> This pattern still can't be exactly recommended, but if for
> some strange reason the function would be too impractical to
> mark as `@system` it's still an option.
The "review any @safe function ... like it was a @trusted
function" is an abomination, and totally dismisses the only reason
to have @safe in the language.

@safe: MECHANICALLY verified, it's safe, NO NEED to review.
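As an added illustration of the point made above (example code written for this page, not from the thread or from any D library): `free` keeps its honest `@system` attribute, and the only `@trusted` code is a small owning wrapper whose interface cannot hand a raw pointer to `@safe` callers, so `@safe` code that uses it needs no manual review. The `OwnedBuffer` type and its members are hypothetical names chosen for this example.

```d
import core.stdc.stdlib : malloc, free;   // both are @system in druntime

/// Owning buffer: the malloc'd pointer never escapes to @safe callers,
/// so the two @trusted members can be reviewed once, in isolation.
struct OwnedBuffer
{
    private ubyte[] data;   // slice over memory obtained from malloc

    @disable this(this);    // no copies: rules out a double free

    /// @trusted: malloc may return null; we check before slicing.
    static OwnedBuffer alloc(size_t n) @trusted
    {
        auto p = cast(ubyte*) malloc(n);
        if (p is null)
            return OwnedBuffer.init;
        return OwnedBuffer(p[0 .. n]);
    }

    /// @trusted: data.ptr came from exactly one malloc (see alloc) and
    /// this destructor is the only place that releases it.
    ~this() @trusted
    {
        if (data.ptr !is null)
            free(data.ptr);
        data = null;
    }

    /// @safe view: callers get a bounds-checked slice, never the raw pointer.
    ubyte[] opSlice() @safe
    {
        return data;
    }
}

/// Mechanically verified: the compiler, not a reviewer, guarantees this
/// function cannot corrupt memory.
@safe void useBuffer()
{
    auto buf = OwnedBuffer.alloc(16);
    if (buf[].length == 16)
        buf[][0] = 42;
    // free(buf[].ptr);  // does not compile: free is @system
}

void main() @safe
{
    useBuffer();
}
```

If `free` were instead declared `@trusted` as in the quoted snippet, the commented-out call would compile silently and the `@safe` attribute on `useBuffer` would guarantee nothing.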