• d-bugmail puremagic.com (21/21) Nov 01 2021 https://issues.dlang.org/show_bug.cgi?id=22465

d-bugmail puremagic.com writes:

https://issues.dlang.org/show_bug.cgi?id=22465

          Issue ID: 22465
           Summary: Unicode Trojan Source Vulnerability
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P1
         Component: dmd
          Assignee: nobody puremagic.com
          Reporter: bugzilla digitalmars.com

Source code can be maliciously encoded with Unicode characters in comments,
string literals, and character literals so source code can be different than
what it visually appears to be.

As documented:

https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/
https://www.trojansource.codes/trojan-source.pdf
https://news.ycombinator.com/item?id=29062982

--