RFC: Change what assert does on error
Walter Bright
newshound2 at digitalmars.com
Fri Jul 4 07:24:33 UTC 2025
On 7/3/2025 1:25 AM, Richard (Rikki) Andrew Cattermole wrote:
> From what I can tell this kind of attack is unlikely in D even without the
> codegen protection. So once again, the Error class hierarchy offers no
> protection from this kind of attack.
The paper says that exception unwinding of the stack is still vulnerable to
malware attack.
> Need more evidence to suggest that Error shouldn't offer cleanup. Right now I
> have none.
Because:
1. there is no purpose to the cleanup as the process is to be terminated
2. code that is not executed is not vulnerable to attack
3. the more code that is executed after the program entered unknown and
unanticipated territory, the more likely it will corrupt something that matters
Do you really want cleanup code to be updating your data files after the program
has corrupted its data structures?
---
This whole discussion seems pointless anyway. If you want to unwind the
exception stack every time, use enforce(), not assert(). That's what it's for.
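An added example (not code from the thread) contrasting the two calls: enforce() throws an Exception, so the stack unwinds and scope(exit) cleanup runs before the caller recovers; assert() throws AssertError, an Error, for which the D spec does not guarantee that cleanup runs and after which the process is expected to terminate. The Account type and the withdraw functions are hypothetical.

```d
// Added illustration for the assert() vs enforce() distinction; not part of the thread.
import std.exception : enforce;
import std.stdio : writeln;

struct Account { long balance; }   // hypothetical type for the example

// Input validation: an insufficient balance is an expected, recoverable
// condition, so enforce() throws an Exception that callers may catch.
void withdrawChecked(ref Account acct, long amount)
{
    scope(exit) writeln("cleanup after withdrawChecked ran");
    enforce(amount <= acct.balance, "insufficient funds");
    acct.balance -= amount;
}

// Invariant check: if this fires, the program's own state is already
// untrusted. assert() throws AssertError (an Error); the spec does not
// promise that scope(exit) or destructors run while it propagates.
void withdrawAsserted(ref Account acct, long amount)
{
    scope(exit) writeln("cleanup after withdrawAsserted (not guaranteed by the spec)");
    assert(amount <= acct.balance, "balance invariant violated");
    acct.balance -= amount;
}

void main()
{
    auto acct = Account(100);

    try
        withdrawChecked(acct, 500);     // Exception: caught below, cleanup ran
    catch (Exception e)
        writeln("recovered: ", e.msg);

    // The AssertError is deliberately not caught: once an invariant is broken,
    // letting the runtime terminate the process is the intended outcome.
    withdrawAsserted(acct, 500);
}
```

Compile with the default (non-release) flags so the assert() is kept; with -release the assert is removed entirely, while enforce() always remains.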