Wait Android is using part of UBSan — we aren’t talking about -fwrapv and friends? Cool, I must learn more!
in some cases they make unsigned overflow into a fatal error also ♥️♥️♥️
In a bunch of places :). The media handling code has it on, since that was the majority root cause of security bugs there.
I'm a huge believer in turning it on in prod. Rewriting miles of code isn't realistic, testing only finds so much, and it prevents exploits
Yes! I will happily pay 1% perf for blocking shell code.
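As an added illustration of the bug class the unsigned-overflow sanitizer discussed above turns into a fatal error (example code written for this page, not Android's media code): a bounds check whose `uint32_t` addition wraps and therefore passes, beside the same check done explicitly with `__builtin_add_overflow`. `BUF_LEN` and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a 16-byte buffer standing in for a media chunk. */
#define BUF_LEN 16u

/* Unchecked: `offset + len` is computed in uint32_t, so a huge len wraps the
 * sum back below BUF_LEN and the bounds check accepts an out-of-range read.
 * Built with clang's -fsanitize=unsigned-integer-overflow
 * -fsanitize-trap=unsigned-integer-overflow, the wrapping add itself traps,
 * which is the production behaviour the thread describes.
 * Returns true when the check accepts the range. */
bool range_ok_unchecked(uint32_t offset, uint32_t len)
{
    return offset + len <= BUF_LEN;
}

/* Hardened: detect the wrap explicitly with the compiler builtin, so the
 * check is correct with or without the sanitizer. */
bool range_ok_checked(uint32_t offset, uint32_t len)
{
    uint32_t end;
    if (__builtin_add_overflow(offset, len, &end))
        return false;           /* offset + len does not fit in 32 bits */
    return end <= BUF_LEN;
}

int main(void)
{
    uint32_t off = 8, bad_len = UINT32_MAX - 4;   /* off + bad_len wraps to 3 */
    printf("unchecked accepts: %d\n", range_ok_unchecked(off, bad_len));
    printf("checked accepts:   %d\n", range_ok_checked(off, bad_len));
    return 0;
}
```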
Do we know if these options will end up in gcc? Clang is a possibility for us but it’s a bigger lift.
Also wondering about force initializing to 0 options.
there's reasonable stuff in LLVM for forcing zero initialization but I do not know the status, or if GCC has anything analogous
cc
clang has: clang.llvm.org/docs/ClangComm
and you can force zero with: clang.llvm.org/docs/ClangComm
Which is the *best* name ever.
I believe that GCC was looking at this too? would know.
MSVC has InitAll: msrc-blog.microsoft.com/2020/05/13/sol
and
it has been literally less than a day since I was burned by uninitialized stack memory in C++, which somehow makes reasoning about this unreasonably difficult
I find that it can be very difficult to track down memory corruption in C++ in general. It's usually far easier for C code since there's a lot less magic and abstraction. Modern C++ is a paradise for latent use-after-free bugs. I'm really not convinced that it improves safety.
I started in C++ but wrote it off years ago. It’s a disaster and not moving in the right direction.
I can't understand how it is still so widely adopted (except for embedded platforms, where decent replacements came up just in the last few years)
The whole topic is trivial in C if you don't do outright stupid things. Most code needs no complex lifetimes, and if it does, just use talloc or similar. The fancy abstractions make it orders of magnitude harder.
Depends a lot on what kind of code you're writing. I think it's hard enough to avoid memory safety bugs in C.
I don't think modern C++ actually succeeds at providing safety beyond avoiding memory leaks and that comes at the cost of implicit use-after-free bugs.