std.file functions and embedded NUL characters [CWE-158]

Steven Schveighoffer schveiguy at gmail.com
Fri Aug 1 00:11:51 UTC 2025


On Thursday, 31 July 2025 at 22:36:42 UTC, monkyyy wrote:
> https://github.com/dlang/phobos/blob/205256abb1f86faf986f8c789cb733ca4137246e/std/string.d#L368
>
> Are you sure? I'm not entirely sure if this will always trigger 
> but there's asserts here

Yeah, I am aware of this, because I ran into it on another 
project. (https://github.com/snazzy-d/sdc/pull/410)

The issue is that Phobos is compiled without asserts.

The OP's issue is looking at this the wrong way. The 
responsibility is on the user to validate their input. I don't 
know that the library needs to do this. Even if we did, 
core.stdc.stdio is still there, and we can't change that.

In other words, the assert means *it's on the caller* to make 
sure they don't pass in a string with 0 terminators in it. The 
fact it is an assert is a clue that this is a programming error, 
not a validation error.

If we checked for mid-string zero terminators on all calls to 
`toStringz`, we would kill performance where mostly it isn't 
necessary (this is only important if you don't trust where the 
data came from). This would lead to a different sort of problem 
("How come D/C interop is so slow!?").

What we need in Phobos v3 is a set of validating features for 
user input so we give the user the tools necessary to do this 
correctly.

-Steve
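
One way to do the caller-side validation this message describes, checking once where untrusted data enters instead of on every `toStringz` call. This is an added example, not code from the post or from Phobos; `CheckedPath`, `fromUntrusted` and `toCString` are hypothetical names and the sample string is constructed.

```d
import core.stdc.string : strlen;
import std.exception : assertThrown, enforce;
import std.string : indexOf, toStringz;

/// Hypothetical type (not in Phobos): a path known to contain no embedded NUL.
/// The scan happens once, at the trust boundary, not on every C call.
struct CheckedPath
{
    private string value;

    // Note: `private` in D is module-wide; keep this type in its own module
    // so other code can only obtain one through fromUntrusted().
    private this(string v) { value = v; }

    /// Throws Exception (a validation error, not an assert) on embedded NUL.
    static CheckedPath fromUntrusted(string s)
    {
        // indexOf returns -1 when the character is absent.
        enforce(s.indexOf('\0') == -1, "path contains an embedded NUL character");
        return CheckedPath(s);
    }

    /// No re-scan here: the invariant was established at construction.
    immutable(char)* toCString() const { return toStringz(value); }

    string toString() const { return value; }
}

void main()
{
    import std.stdio : writeln;

    // Constructed sample: 15 bytes with a NUL after "report.txt".
    string sample = "report.txt\0.bak";

    // D sees the full length; C stops at the first NUL. D string literals
    // carry a trailing NUL, so strlen on .ptr is safe for this literal.
    assert(sample.length == 15);
    assert(strlen(sample.ptr) == 10);

    // The mismatch is caught before the string reaches any C-facing API.
    assertThrown(CheckedPath.fromUntrusted(sample));

    auto ok = CheckedPath.fromUntrusted("report.txt");
    assert(strlen(ok.toCString()) == ok.toString().length);
    writeln("embedded NUL rejected; clean path accepted");
}
```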

