On 26.07.2016 00:17, Walter Bright wrote:
> In poking around in Phobos, I found a number of cases like:
> https://github.com/dlang/phobos/pull/4655
> where overflow is possible in calculating storage sizes. Since
> allocation normally happens in @trusted code, these are a
> safety/security hole.
> ...
According to the language documentation, the patch does not fix the problem.
https://dlang.org/spec/expression.html#AssertExpression
"The expression assert(0) is a special case; it signifies that it is
unreachable code. [...] The optimization and code generation phases of
compilation may assume that it is unreachable code."
One way the optimizer can use the assumption is for optimizing away the
overflow check.
Your patch is just telling the optimizer that there is actually no
security hole, even when that is not true. It is a bad idea to conflate
assert and assume.
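As an added illustration (my own code, not from the thread or from the Phobos pull request), here is the assert-based overflow check beside a form whose check survives `-release` and cannot be assumed away; the helper names and element-size parameters are assumptions.

```d
import core.checkedint : mulu;
import core.exception : onOutOfMemoryError, OutOfMemoryError;

// Hypothetical helper: number of bytes needed for n elements of elemSize bytes.
// Pattern criticised above: the guard ends in assert(0), which the spec lets
// the optimizer treat as unreachable, and -release removes asserts entirely,
// so the overflow test may disappear and n * elemSize silently wraps.
size_t storageSizeAssert(size_t n, size_t elemSize)
{
    if (elemSize != 0 && n > size_t.max / elemSize)
        assert(0, "storage size overflow");   // may be assumed unreachable
    return n * elemSize;
}

// Alternative: core.checkedint.mulu reports the wrap through a flag that is
// ordinary runtime data, and the failure path is a real control-flow exit
// (here the same error druntime raises when an allocation fails), so the
// optimizer cannot assume it is never taken.
size_t storageSizeChecked(size_t n, size_t elemSize)
{
    bool overflow = false;
    immutable size_t bytes = mulu(n, elemSize, overflow);
    if (overflow)
        onOutOfMemoryError();   // throws OutOfMemoryError; never returns
    return bytes;
}

unittest
{
    assert(storageSizeChecked(3, 8) == 24);

    bool raised = false;
    try storageSizeChecked(size_t.max, 2);
    catch (OutOfMemoryError) raised = true;
    assert(raised);   // the overflow is reported, not wrapped
}

void main()
{
    import std.stdio : writeln;
    writeln("checked size: ", storageSizeChecked(16, 4));
}
```

Compile with `-release` and the `assert(0)` branch in `storageSizeAssert` is gone, while `storageSizeChecked` keeps its test.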