• @[email protected]
    link
    fedilink
    248 months ago

    I don’t speak C, but isn’t this an extreme simplification of the issue? I thought memory could be abused in an almost infinite number of subtle ways outside of allocating it wrong. For example, improperly sanitized string inputs. I feel like if it were this easy, it would have been done decades ago.

    • @[email protected]
      link
      fedilink
      48 months ago

      Use after free, null pointer dereference, double free.

      Solutions to these in C end up looking a lot like Rust.

    • @[email protected]OP
      link
      fedilink
      English
      -78 months ago

      I think this can be explained by underlining the differences between could, would, and should.

      The blog states the fact that at least some C compilers already offer the necessary and sufficient tools that characterize “memory-safe” languages, and proceeds to illustrate examples. This isn’t new. However, just like “memory-safe” languages enforce narrow coding styles through a happy path that is expected to prevent the introduction of some classes of vulnerabilities, leveraging these compiler features in C projects also requires the same type of approach.

      This isn’t new or unheard of. Some C++ frameworks are also known for supporting their own memory management and object ownership strategies, but you need to voluntarily adhere to them.