by alchemio
403 days ago
Zig’s general purpose allocator might detect use after free in debug builds; however, Zig appears to be OK with dangling (invalidated) pointers/slices and use after free for stack variables, which is more concerning, especially from a security standpoint.

```zig
const std = @import("std");

// Returns the address of a local; the pointer dangles once the function returns.
fn get_ptr() *i32 {
    var a: i32 = 6;
    return &a;
}

pub fn main() void {
    var x: ?*i32 = undefined;
    {
        var a: i32 = 5;
        x = &a; // `a` goes out of scope at the end of this block
    }
    // Both dereferences read stack storage whose lifetime has ended.
    std.debug.print("{} {}", .{ x.?.*, get_ptr().* });
}
```
These are trivial examples that Zig doesn’t even warn about, even though similar code in C or C++ gets a warning in gcc and clang. This discussion: https://ziggit.dev/t/what-makes-ban-returning-pointer-to-sta... indicates that core Zig devs aren’t interested in diagnosing such usage.