www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 15702] New: std.socket.Socket.receive is breaks safe


          Issue ID: 15702
           Summary: std.socket.Socket.receive is breaks  safe
           Product: D
           Version: D2
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P1
         Component: phobos
          Assignee: nobody puremagic.com
          Reporter: hsteoh quickfur.ath.cx

std.socket.Socket.receive is marked  trusted; however, this is unjustified,
because it receives a void[] as buffer and overwrites the buffer with incoming
socket data. If the buffer is an array of elements with indirection, this will
break  safe-ty:

void main()  safe {
    Socket sock = ...;
    Object[] buf = new Object[1];

    // This overwrites the Object ptr with arbitrary data:
    sock.receive(buf, SocketFlags.init);

This raises the question of whether *any* function that takes in a non-const
void[] can reasonably be marked  trusted, since the original type of the array
has been erased and the function has no way to guarantee that writing to the
void[] won't overwrite pointers with illegal values.

Feb 18 2016