• bearophile (5/6) Jan 18 2010 In future if I can I'll keep posting here other widely destructive examp...
• Bane (3/13) Jan 19 2010 Sad but true, until D becomes so mainstream that it becomes tool for mak...
• retard (6/37) Jan 19 2010 [OT] D is still too low level for extremely reliable software. I don't
• Bane (2/41) Jan 19 2010 Slightly better than mr. Samuel Colt or Alfred Nobel?
• retard (2/46) Jan 19 2010 Heh, good point =)
• Lutger (2/8) Jan 19 2010 SafeD?
• Michel Fortin (7/31) Jan 19 2010 Almost there. But still not fully memory-safe:

bearophile <bearophileHUGS lycos.com> writes:

Another of those billion dollar mistakes D2 will not be able to avoid!

http://www.microsoft.com/technet/security/advisory/979352.mspx

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4
on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet
Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and
Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported
editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server
2008, Windows 7, and Windows Server 2008 R2 are vulnerable. The vulnerability
exists as an invalid pointer reference within Internet Explorer. It is possible
under certain conditions for the invalid pointer to be accessed after an object
is deleted. In a specially-crafted attack, in attempting to access a freed
object, Internet Explorer can be caused to allow remote code execution.<

In future if I can I'll keep posting here other widely destructive examples of
this class of bugs.

Bye,
bearophile

Bane <branimir.milosavljevic gmail.com> writes:

bearophile Wrote:

 Another of those billion dollar mistakes D2 will not be able to avoid!
 
 http://www.microsoft.com/technet/security/advisory/979352.mspx
 
Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4
on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet
Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and
Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported
editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server
2008, Windows 7, and Windows Server 2008 R2 are vulnerable. The vulnerability
exists as an invalid pointer reference within Internet Explorer. It is possible
under certain conditions for the invalid pointer to be accessed after an object
is deleted. In a specially-crafted attack, in attempting to access a freed
object, Internet Explorer can be caused to allow remote code execution.<

 
 In future if I can I'll keep posting here other widely destructive examples of
this class of bugs.
 
 Bye,
 bearophile

Sad but true, until D becomes so mainstream that it becomes tool for making
such software, I don't think there will be people trying to find and abuse such
bugs.

And yes, pointers can be pain in the butt - that's why I switched to D :D

retard <re tard.com.invalid> writes:

Tue, 19 Jan 2010 06:00:50 -0500, Bane wrote:

 bearophile Wrote:
 
 Another of those billion dollar mistakes D2 will not be able to avoid!
 
 http://www.microsoft.com/technet/security/advisory/979352.mspx
 
Our investigation so far has shown that Internet Explorer 5.01 Service
Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and
that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000
Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and
Internet Explorer 8 on supported editions of Windows XP, Windows
Server 2003, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 are vulnerable. The vulnerability exists as an
invalid pointer reference within Internet Explorer. It is possible
under certain conditions for the invalid pointer to be accessed after
an object is deleted. In a specially-crafted attack, in attempting to
access a freed object, Internet Explorer can be caused to allow remote
code execution.<

 
 In future if I can I'll keep posting here other widely destructive
 examples of this class of bugs.
 
 Bye,
 bearophile

 
 Sad but true, until D becomes so mainstream that it becomes tool for
 making such software, I don't think there will be people trying to find
 and abuse such bugs.
 
 And yes, pointers can be pain in the butt - that's why I switched to D
 :D

[OT] D is still too low level for extremely reliable software. I don't 
know how Bjarne and M$ developers feel now, but because of low level 
languages, the rumor says that chinese have stolen world class US trade 
secrets and also got information about innocent dissidents who vote for 
democracy in order to assassinate them later.

Bane <branimir.milosavljevic gmail.com> writes:

retard Wrote:

 Tue, 19 Jan 2010 06:00:50 -0500, Bane wrote:
 
 bearophile Wrote:
 
 Another of those billion dollar mistakes D2 will not be able to avoid!
 
 http://www.microsoft.com/technet/security/advisory/979352.mspx
 
Our investigation so far has shown that Internet Explorer 5.01 Service
Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and
that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000
Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and
Internet Explorer 8 on supported editions of Windows XP, Windows
Server 2003, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 are vulnerable. The vulnerability exists as an
invalid pointer reference within Internet Explorer. It is possible
under certain conditions for the invalid pointer to be accessed after
an object is deleted. In a specially-crafted attack, in attempting to
access a freed object, Internet Explorer can be caused to allow remote
code execution.<

 
 In future if I can I'll keep posting here other widely destructive
 examples of this class of bugs.
 
 Bye,
 bearophile

 
 Sad but true, until D becomes so mainstream that it becomes tool for
 making such software, I don't think there will be people trying to find
 and abuse such bugs.
 
 And yes, pointers can be pain in the butt - that's why I switched to D
 :D

 
 [OT] D is still too low level for extremely reliable software. I don't 
 know how Bjarne and M$ developers feel now, but because of low level 
 languages, the rumor says that chinese have stolen world class US trade 
 secrets and also got information about innocent dissidents who vote for 
 democracy in order to assassinate them later.

Slightly better than mr. Samuel Colt or Alfred Nobel?

retard <re tard.com.invalid> writes:

Tue, 19 Jan 2010 07:06:42 -0500, Bane wrote:

 retard Wrote:
 
 Tue, 19 Jan 2010 06:00:50 -0500, Bane wrote:
 
 bearophile Wrote:
 
 Another of those billion dollar mistakes D2 will not be able to
 avoid!
 
 http://www.microsoft.com/technet/security/advisory/979352.mspx
 
Our investigation so far has shown that Internet Explorer 5.01
Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not
affected, and that Internet Explorer 6 Service Pack 1 on Microsoft
Windows 2000 Service Pack 4, and Internet Explorer 6, Internet
Explorer 7 and Internet Explorer 8 on supported editions of Windows
XP, Windows Server 2003, Windows Vista, Windows Server 2008,
Windows 7, and Windows Server 2008 R2 are vulnerable. The
vulnerability exists as an invalid pointer reference within
Internet Explorer. It is possible under certain conditions for the
invalid pointer to be accessed after an object is deleted. In a
specially-crafted attack, in attempting to access a freed object,
Internet Explorer can be caused to allow remote code execution.<

 
 In future if I can I'll keep posting here other widely destructive
 examples of this class of bugs.
 
 Bye,
 bearophile

 
 Sad but true, until D becomes so mainstream that it becomes tool for
 making such software, I don't think there will be people trying to
 find and abuse such bugs.
 
 And yes, pointers can be pain in the butt - that's why I switched to
 D :D

 
 [OT] D is still too low level for extremely reliable software. I don't
 know how Bjarne and M$ developers feel now, but because of low level
 languages, the rumor says that chinese have stolen world class US trade
 secrets and also got information about innocent dissidents who vote for
 democracy in order to assassinate them later.

 
 Slightly better than mr. Samuel Colt or Alfred Nobel?

Heh, good point =)

Lutger <lutger.blijdestijn gmail.com> writes:

On 01/19/2010 08:11 AM, bearophile wrote:
 Another of those billion dollar mistakes D2 will not be able to avoid!

 http://www.microsoft.com/technet/security/advisory/979352.mspx

 Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4
on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet
Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and
Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported
editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server
2008, Windows 7, and Windows Server 2008 R2 are vulnerable. The vulnerability
exists as an invalid pointer reference within Internet Explorer. It is possible
under certain conditions for the invalid pointer to be accessed after an object
is deleted. In a specially-crafted attack, in attempting to access a freed
object, Internet Explorer can be caused to allow remote code execution.<

 In future if I can I'll keep posting here other widely destructive examples of
this class of bugs.

 Bye,
 bearophile

SafeD?

Michel Fortin <michel.fortin michelf.com> writes:

On 2010-01-19 07:17:22 -0500, Lutger <lutger.blijdestijn gmail.com> said:

 On 01/19/2010 08:11 AM, bearophile wrote:
 Another of those billion dollar mistakes D2 will not be able to avoid!
 
 http://www.microsoft.com/technet/security/advisory/979352.mspx
 
 Our investigation so far has shown that Internet Explorer 5.01 Service 
 Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and 
 that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 
 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and 
 Internet Explorer 8 on supported editions of Windows XP, Windows Server 
 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 
 2008 R2 are vulnerable. The vulnerability exists as an invalid pointer 
 reference within Internet Explorer. It is possible under certain 
 conditions for the invalid pointer to be accessed after an object is 
 deleted. In a specially-crafted attack, in attempting to access a freed 
 object, Internet Explorer can be caused to allow remote code execution.<

 
 In future if I can I'll keep posting here other widely destructive 
 examples of this class of bugs.
 
 Bye,
 bearophile

 
 SafeD?

Almost there. But still not fully memory-safe:
<http://d.puremagic.com/issues/show_bug.cgi?id=3677>


-- 
Michel Fortin
michel.fortin michelf.com
http://michelf.com/