top | item 40009900

tus666 | 1 year ago

No, but I would never, ever, ever, EVER write data to a buffer without specifying the buffer size or reallocing where necessary.

This just smells so much like a JavaScript script kiddie who wanted to join the cool brigade and write something h4kor1sh in C. Ugh.

krainboltgreene|1 year ago

This comment is like opening the box to a time capsule from 2010. I haven't seen anyone communicate like this since I last touched an IRC channel.

I'm dying at the idea that someone would think C is the "cool brigade".

sofixa|1 year ago

Yeah, C hasn't been "cool" in a few decades.

cjbprime|1 year ago

Literally every serious C/C++ project has shipped memory unsafety vulnerabilities. We have discovered, as the global community of programmers, that humans are not smart enough to write C code without doing that. It is time to blame the language (or the species) and move on.

Let's not pretend that the people writing the unsafe code are unimaginably stupid. They are extremely imaginably stupid, as we all are.

tus666|1 year ago

Most memory vulnerabilities are use-after-free, which, due to the nature of C, is a very easy mistake to make.

Buffer overflows are simply inexcusable, especially if it's "we didn't bother checking" rather than "we got the size wrong due to human error".

The first case is not normal; people like that should not be programming HTML, let alone C code.