Great paper! Re: 2.1.4 'sizeof considered harmful': not what I thought it was going to be about. There's a class of bug where they bzero(ptr, sizeof(ptr)) instead of bzero(ptr, sizeof(*ptr)), leaving the rest uninitialized. Also, no mention of out-of-bounds reads? https://twitter.com/j00ru/status/1009839823195181056
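The sizeof(ptr) vs sizeof(*ptr) bug from the comment above, as an added C example that is not from the paper or from either commenter. The `struct record` type and the helper names are made up for illustration; the 0xAA fill stands in for whatever stale data the memory held before the clear (on the stack, the previous frame's contents), which is exactly what a later copy-out of the struct would disclose.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record type (not from the paper or the thread). */
struct record {
    uint32_t id;
    uint8_t  secret[32];
    uint16_t flags;
};

/* Fill the object with a marker so that bytes the clear did not reach stay visible.
 * This stands in for stale stack or heap contents. */
static void poison(struct record *r)
{
    memset(r, 0xAA, sizeof(*r));
}

/* Count the bytes of *r that still carry the marker, i.e. were never cleared. */
static size_t uncleared_bytes(const struct record *r)
{
    const unsigned char *p = (const unsigned char *)r;
    size_t n = 0;
    for (size_t i = 0; i < sizeof(*r); i++)
        if (p[i] == 0xAA)
            n++;
    return n;
}

/* Buggy clear: the size operand is sizeof(r), the size of the pointer
 * (4 or 8 bytes), not of the struct it points to. Everything past the
 * first pointer-sized chunk keeps its old contents. The size goes through
 * a local so the call compiles cleanly under -Wsizeof-pointer-memaccess;
 * real-world code writes memset(r, 0, sizeof(r)) inline. */
static size_t clear_buggy(struct record *r)
{
    poison(r);
    const size_t len = sizeof(r);   /* BUG: size of the pointer */
    memset(r, 0, len);
    return uncleared_bytes(r);
}

/* Fixed clear: sizeof(*r) is the size of the pointed-to object. */
static size_t clear_fixed(struct record *r)
{
    poison(r);
    memset(r, 0, sizeof(*r));
    return uncleared_bytes(r);
}

/* Run each variant on a fresh local struct and report how many bytes were left. */
size_t demo_buggy(void)
{
    struct record r;
    return clear_buggy(&r);
}

size_t demo_fixed(void)
{
    struct record r;
    return clear_fixed(&r);
}

int main(void)
{
    /* demo_buggy() leaves sizeof(struct record) - sizeof(void *) bytes uncleared;
     * demo_fixed() leaves none. */
    return (demo_buggy() == sizeof(struct record) - sizeof(struct record *)
            && demo_fixed() == 0) ? 0 : 1;
}
```

The quick check for this class of bug is mechanical: any memset/bzero/memcpy whose length is `sizeof(x)` where `x` is a pointer parameter is almost certainly wrong, and GCC and Clang flag the inline form with -Wsizeof-pointer-memaccess (part of -Wall).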
Re: out-of-bounds reads, I agree that they may also lead to memory disclosure, but for fundamentally different reasons. Since memory-safety violations were outside the scope of the paper, so were out-of-bounds accesses.