www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.bugs - [Issue 20870] New: std.outbuffer.printf is trusted

https://issues.dlang.org/show_bug.cgi?id=20870

          Issue ID: 20870
           Summary: std.outbuffer.printf is trusted
           Product: D
           Version: D2
          Hardware: x86
                OS: Mac OS X
            Status: NEW
          Keywords: safe
          Severity: enhancement
          Priority: P1
         Component: phobos
          Assignee: nobody puremagic.com
          Reporter: pro.mathias.lang gmail.com

I don't know how that made it past code review.

```
import std.outbuffer;
import std.stdio;

void main()  safe
{
    char[8] arr = 'a';
    auto buff = new OutBuffer();
    buff.printf("%.*s", 450000, &arr[0]);
    writeln(buff.toString());
}
```

This reads random characters off the stack.

--
May 28 2020