Re: Default arguments in function callbacks not taken into account when instantiating templates has huge security implications

Is this in Bugzilla?

Re: Default arguments in function callbacks not taken into account when instantiating templates has huge security implications

On 4/29/14, Wyatt via Digitalmars-d digitalmars-d@puremagic.com wrote: I'm sorry, but can you explain how this lets an attacker learn anything useful? Maybe I over-exaggerated a little bit here. On 4/29/14, Kenji Hara via Digitalmars-d digitalmars-d@puremagic.com wrote: This is a compiler

Default arguments in function callbacks not taken into account when instantiating templates has huge security implications

- import std.traits; import std.stdio; void handler(C)(C callback) { callback(John); } void main() { auto safeCallback = (string user, string pass = hunter2) { writefln(The password is: '%s', pass); }; handler(safeCallback); someOtherFunc(); } void

Re: Default arguments in function callbacks not taken into account when instantiating templates has huge security implications

On Tuesday, 29 April 2014 at 10:38:24 UTC, Andrej Mitrovic via Digitalmars-d wrote: void main() { auto safeCallback = (string user, string pass = hunter2) { writefln(The password is: '%s', pass); }; I'm sorry, but can you explain how this lets an attacker learn anything

Re: Default arguments in function callbacks not taken into account when instantiating templates has huge security implications

This is a compiler bug. When template parameter C is deduced from the call handler(safeCallback), the default argument `= hunter2 should be stripped from the deduced function pointer type. Then, the call callback(John); in handler template function body should fail to compile always, because