Easy really is the wrong word here. And there's still stuff sanitizers and static analyzers don't see. There's still exploits despite mitigations. In most cases, there's just no need to waste cognitive load on low level details. Higher level languages are more economical.
Replying to @andreasdotorg
I’m one of the best when it comes to finding 0day in C. :) but I know it’s easy now, to write safe C. You can disagree all you want, but the tools and mitigations are available. Our industry failure is not making access simple and straight forward.
2 replies 0 retweets 2 likes
Replying to @DonAndrewBailey
#define SIZE 8192
char buf[SIZE];
void cpy(struct foo* p, int count) {
    int n = count * sizeof(struct foo);
    if ((n < SIZE) && (n > 0))
        memcpy(buf, p, n);
}
Safe or not? Why? How many people can spot this? Which tools? Far from easy.
6 replies 1 retweet 10 likes
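An added example, not code from the thread, that makes the snippet's problem concrete: it reproduces the n that the tweet's cpy() computes, shows a count whose real byte length dwarfs SIZE still passing the (n < SIZE) && (n > 0) check, and puts a bound on count itself beside it. The layout of struct foo and the names tweet_n, tweet_check_passes, safe_cpy and sample_input are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIZE 8192

/* Assumed layout: the tweet never shows struct foo, so this 16-byte
 * struct stands in for it. */
struct foo { uint64_t a, b; };

static char buf[SIZE];

/* Hypothetical name: reproduces the n the tweet's cpy() computes. count is
 * converted to size_t, so the multiply is unsigned and wraps; the size_t
 * product is then converted back to int, which for out-of-range values is
 * implementation-defined (low 32 bits on gcc/clang), not a caught error. */
int tweet_n(int count) {
    int n = count * sizeof(struct foo);
    return n;
}

/* Hypothetical name: the tweet's predicate without the memcpy. Returns 1
 * exactly when the original code would call memcpy(buf, p, n). */
int tweet_check_passes(int count) {
    int n = tweet_n(count);
    return (n < SIZE) && (n > 0);
}

/* Hypothetical hardened variant: bound count itself, in size_t arithmetic,
 * before multiplying, so the value that is validated is the value that is
 * used. Returns the bytes copied, or 0 if the request was rejected. */
size_t safe_cpy(const struct foo *p, int count) {
    if (count <= 0)
        return 0;
    if ((size_t)count > SIZE / sizeof(struct foo))
        return 0;                     /* count * sizeof cannot exceed SIZE */
    size_t n = (size_t)count * sizeof(struct foo);
    memcpy(buf, p, n);
    return n;
}

/* Constructed sample input for the hardened variant (512 zeroed elements). */
static struct foo sample[SIZE / sizeof(struct foo)];
const struct foo *sample_input(void) { return sample; }
```

With count = 0x10000001 the requested length is 0x100000010 bytes, yet tweet_n() yields 16 and the original check passes; safe_cpy() rejects the same count because it never lets the product be the thing it checks.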
Replying to @andreasdotorg
Creating situations that are easily avoidable doesn’t prove your point, it proves mine. :)
1 reply 0 retweets 3 likes
Replying to @DonAndrewBailey
What about the situation in the above code is easy to avoid? I've shown the snippet to rooms full of people who do code audits for a living. Maybe 1 in 30 even gets what the problem is. Regular engineers? Zero out of 30.
5 replies 0 retweets 2 likes
Replying to @andreasdotorg
That’s total nonsense. No one that does professional code auditing would miss that. It’s the most basic C issue. I feel like you’re just trying hard to make your point. There are far more serious undefined issues. Evading this is cake.
2 replies 0 retweets 4 likes
Replying to @DonAndrewBailey
I have the feeling that you still think that I am referring to integer overflows as the problem in the above code. It is not. It is that what looks like the mitigation for the overflow, checking that the result is below zero, is wrong.
1 reply 0 retweets 1 like
Replying to @andreasdotorg
The entire class of bugs is the overflow, the verification bypass from optimization and pointer arithmetic. I don’t get why you think you’re being clever trying to trick me. I’m going back to bed. When I wake up give me an actual problem I didn’t solve 10 years ago.
1 reply 0 retweets 0 likes
Replying to @DonAndrewBailey
The verification bypass from optimization is something that many, many people are not aware of. That's my point. And it's not easily avoidable, you need to tread very carefully. And then there's a lot more UB in C that could bite you.
1 reply 0 retweets 0 likes
Replying to @andreasdotorg
Stop talking to me as if you can teach me C when you can’t even see the variants of the LZO/LZ4 bugs in kernel land are UB relevant, yet you call them “standard” after checking for 5 minutes. Christ. Get over yourself
2 replies 0 retweets 0 likes
To be honest, I just read your blog post on the issue. It might be that you glossed over the usage of UB for verification bypass there, of course.