Expecting people to do that at scale is out of touch. Humans are not capable of completely avoiding mistakes. Blaming programmers for flaws in tools isn't going to fix the problems. Systemic issues are best solved with a systemic fix, not an expectation of avoiding human errors.
The issue is not a lack of good ways to perform overflow checks. Integer arithmetic is everywhere and unchecked overflow is the default in C and C++. Realistically, developers are not going to carefully check and document why each unchecked arithmetic operation cannot overflow.
Developers are going to continue making these errors, and the tooling does not give them a way to realistically avoid all of these issues even when taking great care. When the default behavior of something so pervasive is unsafe, it will never be surprising that it goes wrong.
Developers that are taking great care, carefully reviewing code and having it audited still end up having a steady stream of integer overflow and memory corruption bugs when the language of choice is one where those are pervasive issues encouraged and obscured by language design.
See twitter.com/DanielMicay/st. It's more than compiling with the right flags, since it requires a more robust way of writing software where benign overflows are avoided and every intended overflow is marked as such: source.android.com/devices/tech/d. Best to take the approach from the start.
Quote Tweet
Replying to @DanielMicay @pwnallthethings and @aionescu
As an example: source.android.com/devices/tech/d android-developers.googleblog.com/2016/05/harden android-developers.googleblog.com/2018/06/compil Some languages like Swift have integer overflow checking as the default, while others have standard support for enabling it (C#) rather than needing compiler extensions.
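An added illustration, not from the thread, of the three cases the tweets distinguish: arithmetic left unchecked (the C default), the same computation with every operation checked, and a wraparound that is intended and marked as such. It uses the GCC/Clang `__builtin_*_overflow` builtins; the sizes and bytes are constructed sample values.

```c
/* Added example: unchecked vs. checked size arithmetic, plus an
 * explicitly intended wraparound. Requires GCC or Clang builtins. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked form, the C default: on overflow the product silently wraps,
 * so a huge element count can yield a tiny allocation size. */
size_t alloc_size_unchecked(size_t count, size_t elem_size, size_t header)
{
    return count * elem_size + header;
}

/* Checked form: each operation that can overflow is tested explicitly
 * and the caller gets a failure instead of a wrapped value. */
bool alloc_size_checked(size_t count, size_t elem_size, size_t header,
                        size_t *out)
{
    size_t bytes;
    if (__builtin_mul_overflow(count, elem_size, &bytes))
        return false;
    if (__builtin_add_overflow(bytes, header, out))
        return false;
    return true;
}

/* Intended wraparound, marked as such: a toy hash that is supposed to
 * wrap modulo 2^32. A fixed-width unsigned type plus a comment keeps it
 * distinguishable from an accidental overflow during review. */
uint32_t wrapping_hash(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += (uint32_t)data[i] * 2654435761u; /* intentional mod-2^32 wrap */
    return sum;
}

int main(void)
{
    size_t out = 0;
    size_t count = SIZE_MAX / 2 + 1, elem = 4; /* constructed: count*elem wraps */
    printf("unchecked size: %zu\n", alloc_size_unchecked(count, elem, 16));
    printf("checked accepted: %d\n", (int)alloc_size_checked(count, elem, 16, &out));
    return 0;
}
```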