RFC: Change what assert does on error
Richard (Rikki) Andrew Cattermole
richard at cattermole.co.nz
Thu Jul 3 08:25:42 UTC 2025
A couple of us have gone and asked both Gemini and Grok what they think
of this: "Are there any currently known malware or attacks that use
stack unwinding as an attack vector?"
Gemini unsurprisingly gave the best answer.
It is based upon the paper "Let Me Unwind That For You: Exceptions to
Backward-Edge Protection":
https://www.ndss-symposium.org/wp-content/uploads/2023/02/ndss2023_s295_paper.pdf
The premise is you must be able to overwrite stack data (this is solved
in D between @safe and bounds checking). Then throw ANY exception. It
does not have to be an Error, it can be an Exception.
Before all that occurs, you need some code to execute. This requires you
to bypass things like ASLR and CET. And know enough about the program to
identify that there is code that you could execute.
From what I can tell this kind of attack is unlikely in D even without
the codegen protection. So once again, the Error class hierarchy offers
no protection from this kind of attack.
Need more evidence to suggest that Error shouldn't offer cleanup. Right
now I have none.