Yep. And choosing a language that eliminates whole classes of exploitable vulnerabilities is part of good architecture in my book. I won't deny that OpenSSH is comparatively well written. But writing C is much harder than most people realize. Undefined behaviour everywhere.
The argument is not that it is impossible to write correct code. Just that it takes effort and skilled people. It's still hard to get right, and easy to get wrong.
-
The only undefined behaviour that I've seen catch someone out (although it didn't cause any actual issues in practice, with any optimization level) was the left-shift casting to a 32-bit signed integer (e.g. (0x80 << 24) is an int, rather than an unsigned int).
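The shift pitfall mentioned in the tweet above, as an added C example (not code from the thread): `0x80` is an `int`, so `0x80 << 24` pushes a 1 into the sign bit of a 32-bit `int`, which is undefined behaviour; widening to `uint32_t` before the shift removes it. Function names here are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Buggy form, kept only as a comment so this file never executes UB:
 *   uint32_t w = (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3];
 * b[0] is promoted to int, and if b[0] >= 0x80 the shift by 24 overflows
 * a 32-bit signed int, which C leaves undefined (UBSan flags it). */

/* Safe form: widen each byte to uint32_t first, so every shift is
 * performed in unsigned arithmetic and is fully defined. */
uint32_t load_be32(const uint8_t b[4]) {
    return ((uint32_t)b[0] << 24) |
           ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8)  |
            (uint32_t)b[3];
}

/* Returns 1 if 'value << shift', evaluated as a 32-bit int, would be
 * undefined: either the shift count is out of range or the result would
 * not fit in a non-negative int. Checked in 64-bit unsigned arithmetic so
 * the check itself is well defined. */
int int_shift_is_undefined(uint32_t value, unsigned shift) {
    if (shift >= 32) return 1;                   /* count >= width is UB */
    uint64_t r = (uint64_t)value << shift;
    return r > (uint64_t)INT32_MAX;              /* sign bit (or above) set */
}

/* Constructed input: the exact byte pattern that trips the bug. */
uint32_t demo_word(void) {
    const uint8_t bytes[4] = {0x80, 0x00, 0x00, 0x00};
    return load_be32(bytes);
}

int main(void) {
    printf("0x80 << 24 as int is %s\n",
           int_shift_is_undefined(0x80, 24) ? "undefined" : "defined");
    printf("0x7F << 24 as int is %s\n",
           int_shift_is_undefined(0x7F, 24) ? "undefined" : "defined");
    printf("load_be32({80 00 00 00}) = 0x%08x\n", demo_word());
    return 0;
}
```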
-
Now, my point is that this undefined behaviour that you're talking about generally does not catch out engineers (especially with warnings emitted by modern compilers). I understand what you're trying to say but I don't find your examples compelling.