Thread overview
Default arguments in function callbacks not taken into account when instantiating templates has huge security implications
Apr 29, 2014
Andrej Mitrovic
Apr 29, 2014
Wyatt
Apr 30, 2014
Andrej Mitrovic
May 02, 2014
David Eagen
April 29, 2014
-----
import std.traits;
import std.stdio;

// Calls the callback with a single argument; the second one is never supplied here.
void handler(C)(C callback)
{
    callback("John");
}

void main()
{
    auto safeCallback = (string user, string pass = "hunter2")
    {
        writefln("The password is: '%s'", pass);
    };

    handler(safeCallback);
    someOtherFunc();
}

void someOtherFunc()
{
    // No default for `pass`, yet handler still calls this with one argument.
    auto hijackPassword = (string user, string pass)
    {
        writefln("Now I know your password: '%s'", pass);
    };

    handler(hijackPassword);
}
-----
April 29, 2014
On Tuesday, 29 April 2014 at 10:38:24 UTC, Andrej Mitrovic via Digitalmars-d wrote:
>
> void main()
> {
>     auto safeCallback = (string user, string pass = "hunter2")
>     {
>         writefln("The password is: '%s'", pass);
>     };
>
I'm sorry, but can you explain how this lets an attacker learn anything useful?  I think it's a funny trick, and I agree on principle that it's probably an error that should be fixed, but I'm having trouble coming up with reasons why being able to discover the default argument (which I would assume is sentinel junk) has gravity.  I would generally consider literal assignments in code to be trivially compromised anyway?

-Wyatt
April 30, 2014
On 4/29/14, Wyatt via Digitalmars-d <digitalmars-d@puremagic.com> wrote:
> I'm sorry, but can you explain how this lets an attacker learn anything useful?

Maybe I over-exaggerated a little bit here.

On 4/29/14, Kenji Hara via Digitalmars-d <digitalmars-d@puremagic.com> wrote:
> This is a compiler bug.

Ok, I thought it was maybe by design. I remember there being a similar issue with function pointers not being distinct w.r.t. default arguments. There's a bugzilla issue where Walter comments on it. I'm not sure about the issue number though.
May 02, 2014
Is this in Bugzilla?