RFC: Change what assert does on error

Richard (Rikki) Andrew Cattermole richard at cattermole.co.nz
Thu Jul 3 08:25:42 UTC 2025


A couple of us have gone and asked both Gemini and Grok what they think 
of this: "Are there any currently known malware or attacks that use 
stack unwinding as an attack vector?"

Gemini unsurprisingly gave the best answer.

It is based upon the paper "Let Me Unwind That For You: Exceptions to
Backward-Edge Protection": 
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_s295_paper.pdf

The premise is you must be able to overwrite stack data (this is solved 
in D between @safe and bounds checking). Then throw ANY exception. It 
does not have to be an Error, it can be an Exception.

Before all that occurs you need some code to execute. This requires you 
to bypass things like ASLR and CET. And know enough about the program to 
identify that there is code that you could execute.

From what I can tell this kind of attack is unlikely in D even without 
the codegen protection. So once again, the Error class hierarchy offers 
no protection from this kind of attack.

Need more evidence to suggest that Error shouldn't offer cleanup. Right 
now I have none.
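The post's premise is that the unwinding attack first needs a stack overwrite, and that D's `@safe` plus bounds checking closes that door. The following D program is an added illustration of that defensive point and is not part of the original post or the mailing-list thread; the function and variable names (`writeIndex`, `stackBuf`) are made up for the example. It shows that an out-of-range write through a `@safe` function is turned into a `RangeError` at runtime rather than a silent overwrite of neighbouring stack slots, and that pointer arithmetic, the usual way to reach those slots, does not compile in `@safe` code at all.

```d
// Added example (not from the original post): what @safe and bounds checking
// do to the "overwrite stack data" precondition discussed in the thread.
import std.stdio;
import core.exception : RangeError;

// @safe: no pointer arithmetic, no unchecked casts, and every array index is
// range-checked. The checks in @safe code survive -release (-boundscheck=safeonly).
@safe void writeIndex(int[] buf, size_t i, int v)
{
    buf[i] = v; // out-of-range i throws core.exception.RangeError instead of writing past buf
}

// This would not compile inside a @safe function: pointer arithmetic is
// exactly the primitive an attacker would need to reach adjacent stack data.
// @safe void unsafeWrite(int* p) { *(p + 8) = 1; } // Error: pointer arithmetic not allowed in @safe code

void main()
{
    int[4] stackBuf;              // a small stack-resident buffer
    writeIndex(stackBuf[], 2, 42); // in range: ordinary write

    try
    {
        writeIndex(stackBuf[], 8, 1); // past the end: RangeError, not a corrupted return address
    }
    catch (RangeError e)
    {
        // Catching an Error is only done here to show that the write never happened;
        // production code normally lets an Error terminate the program.
        writeln("bounds check fired: ", e.msg);
    }

    writeln("stackBuf after the attempted write: ", stackBuf);
}
```

Compile with `dmd example.d` (or `ldc2`); the second call reports the failed bounds check and the buffer printed afterwards still holds only `[0, 0, 42, 0]`. The point relevant to the thread is that the `RangeError` is raised *before* any stack memory outside the slice is touched, so the unwinder starts from intact frames; whether `Error` then runs cleanup or not does not change that.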

