On Friday, 6 February 2015 at 08:58:05 UTC, Walter Bright wrote:
On 2/6/2015 12:31 AM, Kagamin wrote:
On Thursday, 5 February 2015 at 23:39:39 UTC, Walter Bright wrote:
static void trustedMemcopy(T[] dest, T[] src) @trusted
{
    assert(src.length == dest.length);
    memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
}
Should be enforce: assert doesn't guard against malicious
usage.
Cue my endless attempts to explain the difference between input
errors and logic errors :-(
A little off-topic: if this function is compiled in release mode and
the compiler assumes the assert holds, it's free to use dest.length
instead of src.length, and if at runtime dest is longer than src,
this will create a heartbleed-like bug in safe code.
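
The enforce variant suggested in the thread, as an added example that is not code from any of the posters: the length check is an exception rather than an assert, so it is still present in a -release build. The name enforcedMemcopy, the free-function template form and the sample arrays are assumptions made for illustration.

```d
import core.stdc.string : memcpy;
import std.exception : enforce;
import std.stdio : writeln;

// Hypothetical counterpart to trustedMemcopy from the thread.
// enforce throws an Exception on failure and is not removed by -release,
// whereas assert checks are compiled out in release builds.
void enforcedMemcopy(T)(T[] dest, T[] src) @trusted
{
    enforce(src.length == dest.length, "trustedMemcopy: length mismatch");
    // Only reached when both slices describe the same number of elements,
    // so the byte count is valid for reading src and for writing dest.
    memcpy(dest.ptr, src.ptr, src.length * T.sizeof);
}

void main() @safe
{
    int[] src = [1, 2, 3];            // constructed sample data
    int[] longer = new int[](5);      // dest longer than src: the case raised above

    // Mismatched call from @safe code: rejected at run time in every build mode.
    try
    {
        enforcedMemcopy(longer, src);
        writeln("copied (should not happen)");
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);
    }

    // The rejected call must not have touched the destination.
    assert(longer == [0, 0, 0, 0, 0]);

    // Matching lengths: the copy proceeds as before.
    int[] same = new int[](3);
    enforcedMemcopy(same, src);
    writeln("copied: ", same);
    assert(same == [1, 2, 3]);
}
```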