25
C can be memory-safe (2023) (blog.erratasec.com)
submitted 1 year ago by [email protected] to c/[email protected]
[-] [email protected] 24 points 1 year ago

I don't speak C, but isn't this an extreme simplification of the issue? I thought memory could be abused in an almost infinite number of subtle ways outside of allocating it wrong. For example, improperly sanitized string inputs. I feel like if it were this easy, it would have been done decades ago.

[-] [email protected] 8 points 1 year ago

Buffer overflows are far from the only way for improperly sanitized inputs to be a problem.

[-] [email protected] 5 points 1 year ago

Use after free, null pointer dereference, double free.

Solutions to these in C end up looking a lot like Rust.
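
Added example, not part of the comment above or of the linked blog post: a sketch of one such C solution, an owning handle with explicit move and drop, so that use after free, null pointer dereference and double free turn into checked errors. The names `owned_buf`, `buf_new`, `buf_move`, `buf_drop` and `buf_get` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical owning handle: by convention, one live owner per buffer. */
typedef struct { char *ptr; size_t len; } owned_buf;

/* Allocate and copy len bytes; on failure the handle is empty (ptr == NULL). */
owned_buf buf_new(const char *src, size_t len) {
    owned_buf b = { malloc(len ? len : 1), len };
    if (b.ptr == NULL) { b.len = 0; return b; }
    if (len) memcpy(b.ptr, src, len);
    return b;
}

/* "Move": transfer ownership and empty the source handle. */
owned_buf buf_move(owned_buf *from) {
    owned_buf to = *from;
    from->ptr = NULL;
    from->len = 0;
    return to;
}

/* "Drop": release once. Returns 1 if memory was freed, 0 if already empty. */
int buf_drop(owned_buf *b) {
    if (b->ptr == NULL) return 0;   /* double free becomes a no-op */
    free(b->ptr);
    b->ptr = NULL;                  /* no dangling pointer left behind */
    b->len = 0;
    return 1;
}

/* Checked read: 0 on success, -1 for an empty handle or out-of-range index. */
int buf_get(const owned_buf *b, size_t i, char *out) {
    if (b->ptr == NULL || i >= b->len) return -1;
    *out = b->ptr[i];
    return 0;
}

int main(void) {
    char c = '?';
    owned_buf a = buf_new("abc", 3);
    owned_buf b = buf_move(&a);                           /* a is now empty */
    printf("read moved-from: %d\n", buf_get(&a, 0, &c));
    printf("read owner:      %d\n", buf_get(&b, 1, &c));
    printf("first drop:      %d\n", buf_drop(&b));
    printf("second drop:     %d\n", buf_drop(&b));
    return 0;
}
```

Unlike Rust, nothing here is enforced by the compiler: a plain struct copy such as `owned_buf c = b;` still creates an alias, so the guarantees hold only while every caller goes through these functions.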

[-] [email protected] 3 points 1 year ago

Yes. If you disabled unions and pointer casts, basically no C code would compile.

[-] [email protected] 2 points 1 year ago

I think this can be explained by underlining the differences between could, would, and should.

The blog states the fact that at least some C compilers already offer the necessary and sufficient tools that characterize "memory-safe" languages, and proceeds to illustrate examples. This isn't new. However, just like "memory-safe" languages enforce narrow coding styles through a happy path that is expected to prevent the introduction of some classes of vulnerabilities, leveraging these compiler features in C projects also requires the same type of approach.

This isn't new or unheard of. Some C++ frameworks are also known for supporting their own memory management and object ownership strategies, but you need to voluntarily adhere to them.

this post was submitted on 25 Mar 2024
25 points (100.0% liked)