Modern C++ Won't Save Us
April 25, 2021
https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/

Lists some perfectly reasonable code in Modern C++ style that has hidden memory safety bugs.
April 26, 2021
On Monday, 26 April 2021 at 01:28:35 UTC, Walter Bright wrote:
> https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/
>
> Lists some perfectly reasonable code in Modern C++ style that has hidden memory safety bugs.

Unfortunately, Phobos got bitten by exactly the same use-after-free bug as the article showcases:

https://github.com/dlang/phobos/pull/7988/commits/08927149ccbb3a20fb7e97687065fe66a33e2cb8
April 26, 2021
On Monday, 26 April 2021 at 07:21:38 UTC, Petar Kirov [ZombineDev] wrote:
> On Monday, 26 April 2021 at 01:28:35 UTC, Walter Bright wrote:
>> https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/
>>
>> Lists some perfectly reasonable code in Modern C++ style that has hidden memory safety bugs.
>
> Unfortunately, Phobos got bitten by exactly the same use-after-free bug as the article showcases:
>
> https://github.com/dlang/phobos/pull/7988/commits/08927149ccbb3a20fb7e97687065fe66a33e2cb8

Yeah. And where did it get bitten?
In its f***ing C interface.

Null terminated strings are a piece from hell that should be banned, not proliferated!
April 26, 2021
On Monday, 26 April 2021 at 01:28:35 UTC, Walter Bright wrote:
> https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/
>
> Lists some perfectly reasonable code in Modern C++ style that has hidden memory safety bugs.

Rust is used for kernel/browser/database/UI; D is also kind of able to work there, but does not work well (no product or big projects).

Rust replaces C++ jobs, Go replaces Java jobs. D needs a better long-term strategy.
April 26, 2021
STL can be reasonably seen as C heritage too as it was intentionally designed to be unsafe by default, and now it's kept for consistency.
April 26, 2021
On 4/26/21 7:44 AM, Dominikus Dittes Scherkl wrote:
> On Monday, 26 April 2021 at 07:21:38 UTC, Petar Kirov [ZombineDev] wrote:
>> On Monday, 26 April 2021 at 01:28:35 UTC, Walter Bright wrote:
>>> https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/
>>>
>>> Lists some perfectly reasonable code in Modern C++ style that has hidden memory safety bugs.
>>
>> Unfortunately, Phobos got bitten by exactly the same use-after-free bug as the article showcases:
>>
>> https://github.com/dlang/phobos/pull/7988/commits/08927149ccbb3a20fb7e97687065fe66a33e2cb8 
>>
> 
> Yeah. And where did it get bitten?
> In its f***ing C interface.
> 
> Null terminated strings are a piece from hell that should be banned, not proliferated!

Null terminated strings have nothing to do with it. The issue is not the null termination, but the use after free (change this to a temporary D array, and it still will have the same problem).

How do we fix it? tempCString is a horrifically unsafe construct. You can extract a pointer out of it without even trying, and now you have a reference that will easily outlive the thing it refers to.

The idea here is, tempCString must be stored, it can never be a temporary inside the expression. How do you express that in code? I'd start AT LEAST by removing the alias this, so at least it's not so trivial to violate safety.

I also can't see any marking of @system for anything, IMO, @system should be all over this type to avoid accidentally compiling in @safe code.

-Steve
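
A C++ analogue of the lifetime problem described in the post above, as an added example that is not part of the thread or of Phobos; `TempCStr`, `StoredCStr` and the helper functions are hypothetical names. It counts live owners instead of dereferencing the dangling pointer, and shows ref-qualified conversion operators as one way to express "must be stored".

```cpp
#include <cstddef>
#include <cstring>
#include <string>
#include <type_traits>

static int live_owners = 0;   // number of TempCStr objects currently alive

// Hypothetical analogue of tempCString: owns a NUL-terminated copy and
// converts implicitly to a raw pointer (the role `alias this` plays in D).
struct TempCStr {
    std::string buf;
    explicit TempCStr(const char* s) : buf(s) { ++live_owners; }
    TempCStr(const TempCStr&) = delete;
    ~TempCStr() { --live_owners; }
    operator const char*() const { return buf.c_str(); }
};

// Same idea, but the conversion is only available on named (lvalue) objects.
struct StoredCStr {
    std::string buf;
    explicit StoredCStr(const char* s) : buf(s) {}
    operator const char*() const & { return buf.c_str(); }
    operator const char*() const && = delete;  // a temporary cannot leak a pointer
};

// Temporary inside the expression: the owner is destroyed at the ';', so `p`
// dangles from the next statement on. It is deliberately never dereferenced.
int owners_alive_after_temporary() {
    const char* p = TempCStr("constructed sample");
    (void)p;
    return live_owners;   // no object owns the buffer `p` points into
}

// Owner stored in a named variable: the pointer is valid for the whole scope.
std::size_t length_with_stored_owner() {
    TempCStr owner("constructed sample");
    const char* p = owner;
    return live_owners == 1 ? std::strlen(p) : 0;
}

// Compile-time view of the restricted type: rvalues are rejected, lvalues work.
constexpr bool temporary_converts =
    std::is_convertible<StoredCStr, const char*>::value;
constexpr bool stored_converts =
    std::is_convertible<const StoredCStr&, const char*>::value;
```

The deleted overload also rejects passing a temporary straight into a C call, where the pointer would not outlive the full expression, so this restriction trades that convenience for safety.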
April 26, 2021
On Monday, 26 April 2021 at 07:21:38 UTC, Petar Kirov [ZombineDev] wrote:
> Unfortunately, Phobos got bitten by exactly the same use-after-free bug as the article showcases:
>
> https://github.com/dlang/phobos/pull/7988/commits/08927149ccbb3a20fb7e97687065fe66a33e2cb8

Isn't this an error that should be detected by DIP25 / DIP1000? I was quite surprised that -preview=dip1000 accepted this code.
April 26, 2021
On 4/26/2021 1:20 PM, MoonlightSentinel wrote:
> On Monday, 26 April 2021 at 07:21:38 UTC, Petar Kirov [ZombineDev] wrote:
>> Unfortunately, Phobos got bitten by exactly the same use-after-free bug as the article showcases:
>>
>> https://github.com/dlang/phobos/pull/7988/commits/08927149ccbb3a20fb7e97687065fe66a33e2cb8 
>>
> 
> Isn't this an error that should be detected by DIP25 / DIP1000? I was quite surprised that -preview=dip1000 accepted this code.

The checks are defeated by the @trusted function:

    @property inout(To)* buffPtr() inout
    {
        return _ptr == useStack ? _buff.ptr : _ptr;
    }


https://github.com/dlang/phobos/blob/master/std/internal/cstring.d#L229
April 27, 2021

On Tuesday, 27 April 2021 at 05:01:09 UTC, Walter Bright wrote:
> The checks are defeated by the @trusted function:

DMD doesn't catch the error even when making tempCString and browse @safe (using appropriate @trusted lambdas, ...):

https://issues.dlang.org/show_bug.cgi?id=21868

April 27, 2021
On 4/27/2021 2:37 AM, MoonlightSentinel wrote:
> https://issues.dlang.org/show_bug.cgi?id=21868

Thanks!