std.file functions and embedded NUL characters [CWE-158]
Steven Schveighoffer
schveiguy at gmail.com
Fri Aug 1 00:11:51 UTC 2025
On Thursday, 31 July 2025 at 22:36:42 UTC, monkyyy wrote:
> https://github.com/dlang/phobos/blob/205256abb1f86faf986f8c789cb733ca4137246e/std/string.d#L368
>
> are you sure? I'm not entirely sure if this will always trigger
> but there's asserts here
Yeah, I am aware of this, because I ran into it on another
project. (https://github.com/snazzy-d/sdc/pull/410)
The issue is that phobos is compiled without asserts.
The OP's issue is looking at this the wrong way. The
responsibility is on the user to validate their input. I don't
know that the library needs to do this. Even if we did,
core.stdc.stdio is still there, and we can't change that.
In other words, the assert means *it's on the caller* to make
sure they don't pass in a string with 0 terminators in it. The
fact it is an assert is a clue that this is a programming error,
not a validation error.
If we checked for mid-string zero terminators on all calls to
`toStringz`, we would kill performance where mostly it isn't
necessary (this is only important if you don't trust where the
data came from). This would lead to a different sort of problem
("How come D/C interop is so slow!?")
What we need in phobos v3 is a set of validating features for
user input so we give the user the tools necessary to do this
correctly.
-Steve
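
The caller-side check described in the message above, as an added example that is not part of the original post or of Phobos: `validatedPath` is a hypothetical helper name and the sample strings are constructed. It rejects embedded NUL bytes once, at the point where untrusted input enters the program, so later `std.file` / `toStringz` calls pay no extra cost.

```d
import std.algorithm.searching : canFind;
import std.exception : assertNotThrown, assertThrown, enforce;
import std.file : exists;
import std.stdio : writeln;
import std.string : representation;

/// Hypothetical helper (not a Phobos function): validates an untrusted
/// path before it is handed to any API that converts it to a C string.
string validatedPath(string untrusted)
{
    // C APIs stop reading at the first 0 byte, so "report.txt\0.png"
    // would reach the OS as "report.txt" while D code still sees the
    // full string (and, for example, its ".png" extension).
    // representation() gives the raw bytes, so no UTF decoding happens.
    enforce(!untrusted.representation.canFind(0),
        "path contains an embedded NUL character");
    return untrusted;
}

void main()
{
    // Constructed sample inputs.
    string ok = "report.txt";
    string bad = "report.txt\0.png";

    // Clean input passes through unchanged.
    assertNotThrown(validatedPath(ok));
    assert(validatedPath(ok) == ok);

    // Input with a mid-string terminator is rejected as a validation
    // error (an Exception), independent of whether asserts are compiled in.
    assertThrown(validatedPath(bad));

    // After validation, std.file can be called as usual.
    auto checked = validatedPath(ok);
    writeln(checked, " exists: ", exists(checked));
}
```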