std.file functions and embedded NUL characters [CWE-158]

monkyyy crazymonkyyy at gmail.com
Thu Jul 31 22:27:56 UTC 2025


On Thursday, 31 July 2025 at 21:47:24 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
> This is quite a good example of why for PhobosV3 I want us to 
> go through a FilePath abstraction, rather than accepting random 
> strings for file names.

What's wrong with just changing toStringz? I don't understand the 
threat profile imagined by the infinitely wise CVE org; but you 
could make toStringz:

a) shorten it to the first null char
b) replace null with something
c) (bad idea but you'll love it) assert when detecting extra null
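
The three options listed in the message above, as an added D example that is not part of the original post and not Phobos code. `NulPolicy` and `toStringzChecked` are hypothetical names, the sample file name is constructed, and option (c) is shown as a thrown exception rather than an assert so it also fires in release builds.

```d
import std.array : replace;
import std.string : fromStringz, indexOf, toStringz;

/// Hypothetical policies mirroring options (a), (b) and (c).
enum NulPolicy { truncate, substitute, reject }

/// Hypothetical wrapper (not a Phobos function): decide what happens to
/// embedded NULs before the slice is handed to a C API via toStringz.
immutable(char)* toStringzChecked(string s, NulPolicy policy)
{
    immutable nul = s.indexOf('\0');
    if (nul < 0)
        return s.toStringz;        // no embedded NUL: nothing to decide

    final switch (policy)
    {
        case NulPolicy.truncate:   // (a) keep only what C would see anyway
            return s[0 .. nul].toStringz;
        case NulPolicy.substitute: // (b) replace each NUL with a visible marker
            return s.replace("\0", "_").toStringz;
        case NulPolicy.reject:     // (c) refuse the name outright
            throw new Exception("file name contains an embedded NUL");
    }
}

void main()
{
    import std.algorithm.searching : endsWith;
    import std.exception : assertThrown;
    import std.stdio : writeln;

    // Constructed sample: the D slice carries its length, so D-side checks
    // see all 11 bytes, while a C function stops at the first NUL.
    string name = "a.txt\0b.txt";
    assert(name.length == 11 && name.endsWith("b.txt"));

    // (a) the C side and the caller now agree, but the tail is silently lost.
    assert(fromStringz(toStringzChecked(name, NulPolicy.truncate)) == "a.txt");

    // (b) nothing is lost, but the name differs from what the caller passed.
    assert(fromStringz(toStringzChecked(name, NulPolicy.substitute)) == "a.txt_b.txt");

    // (c) the mismatch is reported to the caller instead of being papered over.
    assertThrown(toStringzChecked(name, NulPolicy.reject));

    writeln("all three policies behaved as described");
}
```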

