• Cratermaker@discuss.tchncs.de
    link
    fedilink
    arrow-up
    24
    ·
    8 months ago

    I don’t speak C, but isn’t this an extreme simplification of the issue? I thought memory could be abused in an almost infinite number of subtle ways outside of allocating it wrong. For example, improperly sanitized string inputs. I feel like if it were this easy, it would have been done decades ago.

    • WolfLink
      link
      fedilink
      arrow-up
      8
      ·
      8 months ago

      Buffer overflows are far from the only way for improperly sanitized inputs to be a problem

    • lysdexic@programming.devOP
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      8
      ·
      8 months ago

      I think this can be explained by underlining the differences between could, would, and should.

      The blog states the fact that at least some C compilers already offer the necessary and sufficient tools that characterize “memory-safe” languages, and proceeds to illustrate examples. This isn’t new. However, just like “memory-safe” languages enforce narrow coding styles through a happy path that is expected to prevent the introduction of some classes of vulnerabilities, leveraging these compiler features in C projects also requires the same type of approach.

      This isn’t new or unheard of. Some C++ frameworks are also known for supporting their own memory management and object ownership strategies, but you need to voluntarily adhere to them.