Conversation
in some cases they make unsigned overflow into a fatal error also ♥️♥️♥️
In a bunch of places :). The media handling code has it on since that was the majority root cause of security bugs there.
I'm a huge believer in turning it on in prod. Rewriting miles of code isn't realistic, testing only finds so much, and it prevents exploits.
Yes! I will happily pay 1% perf for blocking shell code.
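The bug class behind the "unsigned overflow as a fatal error" point above, as an added C example that is not from this thread or from any project mentioned in it: a length computed from an attacker-controlled field wraps to a small value, the allocation succeeds with a tiny buffer, and the copy that follows overflows it. The chunk header struct, its field names and the sample values are constructed for illustration; the clang flags named in the comments (`-fsanitize=unsigned-integer-overflow` with `-fsanitize-trap=unsigned-integer-overflow`) are my addition, since the thread does not spell them out.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example of a media-container chunk: the payload length is
 * read straight from the file, so it is attacker-controlled. */
struct chunk_hdr {
    uint32_t tag;
    size_t   payload_len;
};

/* Wrapping version. size_t arithmetic is defined to wrap in C, so a huge
 * payload_len makes the total small; malloc(total) then succeeds with a
 * buffer far shorter than the data copied into it. Built with clang's
 * -fsanitize=unsigned-integer-overflow -fsanitize-trap=unsigned-integer-overflow
 * this addition traps instead of wrapping, which is the "fatal error"
 * behaviour discussed in the thread (assumed flag names, see lead-in). */
size_t wrapping_total_len(size_t hdr_len, size_t payload_len) {
    return hdr_len + payload_len;
}

/* Checked version. __builtin_add_overflow (GCC/Clang) reports the wrap
 * instead of silently producing a small total. Returns 1 on success and
 * stores the sum in *out; returns 0 when the sum does not fit in size_t. */
int checked_total_len(size_t hdr_len, size_t payload_len, size_t *out) {
    size_t total;
    if (__builtin_add_overflow(hdr_len, payload_len, &total))
        return 0;
    *out = total;
    return 1;
}

/* Copy header and payload into one freshly allocated buffer.
 * Returns NULL (and copies nothing) when the length would wrap or the
 * allocation fails; caller frees the result. */
unsigned char *copy_chunk(const struct chunk_hdr *h, const unsigned char *payload) {
    size_t total;
    if (!checked_total_len(sizeof *h, h->payload_len, &total))
        return NULL;
    unsigned char *buf = malloc(total);
    if (buf == NULL)
        return NULL;
    memcpy(buf, h, sizeof *h);
    memcpy(buf + sizeof *h, payload, h->payload_len);
    return buf;
}

/* Returns 1 if a chunk whose declared length would wrap the total is
 * rejected by copy_chunk, 0 otherwise. Constructed adversarial input. */
int rejects_wrapping_chunk(void) {
    struct chunk_hdr evil = { 0x41424344u, SIZE_MAX };
    unsigned char dummy[1] = { 0 };
    return copy_chunk(&evil, dummy) == NULL;
}

int main(void) {
    size_t out = 0;
    printf("wrapping SIZE_MAX + 1 = %zu\n", wrapping_total_len(SIZE_MAX, 1));
    printf("checked  SIZE_MAX + 1 ok? %d\n", checked_total_len(SIZE_MAX, 1, &out));
    printf("wrapping chunk rejected? %d\n", rejects_wrapping_chunk());
    return 0;
}
```

The point of the sanitizer flag is that the wrapping version does not need to be rewritten to get the checked version's behaviour: every unsigned addition in the binary gets the trap for roughly the perf cost mentioned above, whereas `__builtin_add_overflow` has to be applied one site at a time.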
Do we know if these options will end up in gcc? Clang is a possibility for us but it’s a bigger lift.
Also wondering about force initializing to 0 options.
there's reasonable stuff in LLVM for forcing zero initialization but I do not know the status, or if GCC has anything analogous
cc
clang has: clang.llvm.org/docs/ClangComm
and you can force zero with: clang.llvm.org/docs/ClangComm
Which is the *best* name ever.
I believe that GCC was looking at this too? would know.
MSVC has InitAll: msrc-blog.microsoft.com/2020/05/13/sol
and
it has been literally less than a day since I was burned by uninitialized stack memory in C++, which somehow makes reasoning about this unreasonably difficult
I find that it can be very difficult to track down memory corruption in C++ in general. It's usually far easier for C code since there's a lot less magic and abstraction. Modern C++ is a paradise for latent use-after-free bugs. I'm really not convinced that it improves safety.
The whole topic is trivial in C if you don't do outright stupid things. Most code needs no complex lifetimes, and if it does, just use talloc or similar. The fancy abstractions make it orders of magnitude harder.
Depends a lot on what kind of code you're writing. I think it's hard enough to avoid memory safety bugs in C.
I don't think modern C++ actually succeeds at providing safety beyond avoiding memory leaks and that comes at the cost of implicit use-after-free bugs.
Main issue is that it's so ridiculously complex and I do not have a deep understanding of the language despite knowing so much about it. Being in the 95th percentile of knowledge about C++ among C++ programmers still means you have no clue how the language works.
C++ is a terrible language for building sophisticated abstractions. Lack of proper generics and all the complexity, subtle rules, etc. combined with the culture of layering abstraction upon abstraction doesn't play out well. It's ridiculously painful having to debug bugs we find.
Memory leaks* are an underappreciated method for avoiding memory lifetime errors.
* often even for an incorrect definition of leak that's more like ε-less-than-optimal time of free.
Certainly underrated.
The only example I can recall currently is WebKit's parking_lot. The alternative would be some form of deferred reclamation, but since the leak has a small upper bound, it's an acceptable tradeoff for them.
webkit.org/blog/6161/lock ("Resizing the Table")