▶ No.1027067>>1027074 >>1027163 >>1027276 >>1027284 >>1028016
>C takes safety and places it into the programmer's hands.
>If there's a problem with a program, it's because the programmer fucked up in one instance.
OH NoNOnoNONo.... OHOHH NOOOONOONONO.... BAHAHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAAHA
https://www.cvedetails.com/vulnerability-search.php?f=1&vendor=&product=&cveid=&msid=&bidno=&cweid=&cvssscoremin=&cvssscoremax=&psy=&psm=&pey=&pem=&usy=&usm=&uey=&uem=&opmemc=1&opov=1
▶ No.1027071>>1027072
Imagine being Rustfag who gets THIS asshurt when someone says bad things about his language
▶ No.1027072
>>1027070
>>1027071
>damage control
sage negated btw :^^^)
▶ No.1027074>>1027077
>>1027067 (OP)
> a bunch of obscure libraries that no one uses have vulnerabilities
Literally so what? Shit thread tbh.
▶ No.1027077>>1027081
▶ No.1027078
>>1027076
>cnile LARPer
sage negated btw
▶ No.1027080>>1027083
>op "negates" sages by bumping his own thread
What a fucking nigger
▶ No.1027081>>1027083
>>1027077
So only game devs are affected? Coolio, dudeman.
▶ No.1027083>>1027159
>>1027080
:^)
>>1027081
>only game devs use compression or images
spotted the LARPer
▶ No.1027084>>1027085 >>1027086
>title implies C has vulns
>post links to vulns in libraries written in C
Kill yourself
▶ No.1027086
▶ No.1027089>>1027090
OP is so gay that he bought a whole pallet of pic related.
▶ No.1027101>>1027104
>>1027090
You don't understand what sage is for, faggot
▶ No.1027104
>>1027101
sage = downboat
anti sage = upboat
▶ No.1027106>>1027122
https://www.cvedetails.com/cve/CVE-2018-17182/
>An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
epic
▶ No.1027113
▶ No.1027120>>1027130
whataboutism is the true mark of the weenie
▶ No.1027122>>1027123
>>1027106
>thinking rewriting it in rust would solve anything
▶ No.1027123>>1027125
>>1027122
thanks for spreading the word that C/C++ is harmful
▶ No.1027125>>1027126
>>1027123
Call me back when your project gets 20+ years of real world use.
▶ No.1027126>>1027135
>>1027125
You mean 20+ years worth of buffer overflows, right?
XD
▶ No.1027130
>>1027120
>can't respond to an argument
>call it a bad name
>not a weenie
▶ No.1027135>>1027138
>>1027126
>rust
>2 buffer overflows in 2018 in standard library
>barely anyone uses it
>supposedly prevents buffer overflows by use of safety magic
▶ No.1027138>>1027139 >>1027144 >>1027419
>>1027135
>2 buffer overflows in 2018
https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-767/year-2018/opov-1/GNU-Glibc.html
>C/C++
>7 buffer overflows in 2018 in standard library
>everybody uses it
>supposedly prevents buffer overflows because programmers are perfect
▶ No.1027139>>1027140
>>1027138
>language prevents buffer overflows
>programmers are perfect
nobody makes this argument though.
in a world of swordsmen, you're comparing a single knight order (the knights of "let's be really disciplined and not make mistakes in the first place") with some nunchuck advocates who argue that a non-edged weapon can completely prevent accidental cuts.
▶ No.1027140>>1027141
>>1027139
>nobody makes this argument though.
LARPers on /tech/ make this argument every time this topic comes up. see >>1026759
▶ No.1027141>>1027142
>>1027140
no, literally nobody on /tech/ has ever said that programmers are perfect or that C++ prevents buffer overflows. People argue all the time that pursuing perfect gets you there faster than pursuing a tool.
▶ No.1027142>>1027145
>>1027141
>no, literally nobody on /tech/ has ever said that programmers are perfect
Yes they have. If you weren't a newfag you would know this.
▶ No.1027144>>1027278 >>1027554
>>1027138
>C 13.337% market share
>C++ 8.158% market share
>21.5% total, 7 overflows in std lib - OVF/% = 0.326
>rust 0.360%, 2 overflows in std lib - OVF/% = 5.556
Keep shilling your meme language. Even COBOL has more users than Rust in 2019.
▶ No.1027145>>1027146 >>1027176
>>1027142
nah you're just stupid. Next time you encounter what you think is "programmers are perfect", ask it if pajeets are perfect, too. Or if Rust should have a zero buffer overflow record because Rust programmers are also perfect.
▶ No.1027146
>>1027145
>nah you're just stupid
newfag
>Next time you encounter what you think is "programmers are perfect", ask it if pajeets are perfect, too.
I did. The LARPers replied that pajeets aren't real programmers.
▶ No.1027159>>1027160
>>1027083
But that's accurate friendo.
▶ No.1027160
▶ No.1027163>>1027167 >>1027168
>>1027067 (OP)
The whole point of a language is to be a tool to make something, if you fuck up that's on you.
C/C++ are like a screwdriver, if you stick it into an electric outlet no shit you are gonna get burned, Rust is like a screwdriver that snaps in half no matter what you do. Having the language itself make your programs unsafe while claiming to do the opposite is completely unacceptable.
▶ No.1027167
>>1027163
>this is what cniles actually believe
thanks for not saging btw.
▶ No.1027168>>1027170
>>1027163
> while claiming to do the opposite
Exactly, and that's after contorting your algorithm to comply with Rust's strict type checking. All that effort, for nothing.
▶ No.1027170>>1027256
>>1027168
>type checking is bad
pajeet
▶ No.1027172>>1027176 >>1027185 >>1027240
>Rust shillfags shilling their slave mentality language ITT
If you can't design your software to not have buffer overflows, you're a fucking pajeet, full stop. Learn how a fucking computer works so you can write good code that is designed to run on a computer. You Rustfags are going to turn programming into a sandbox where only (((they))) have access to instructions you're not even aware exist because they're (((undocumented))). Oh wait, we already have this shit because so many of you fags just couldn't code to save your lives so you need (((safety))) (gatekeeping) language features.
▶ No.1027176
▶ No.1027185>>1027187 >>1027188
>>1027172
hello friend. Do you agree that programmers are perfect?
Do you think that C++ prevents buffer overflows?
▶ No.1027187
>>1027185
Of course, fellow cnile!
▶ No.1027188>>1027190
>>1027185
>thinking you have to be perfect to not write programs with glaring holes like buffer overflows
Why is the concept of loop invariants so hard for pajeets to understand?
▶ No.1027190>>1027192
>>1027188
spotted the LARPer
▶ No.1027192>>1027194
>>1027190
???
What's so hard to understand about terminating a loop over a fixed-size buffer?
▶ No.1027194>>1027199 >>1027201
>>1027192
Sorry, I'm not a perfect programmer. Please explain it to me, oh all-knowing cnile.
▶ No.1027199>>1027213
>>1027194
It's not a trick question. How do you terminate a loop over a fixed-size buffer? Let me make this easier for you:
char buf[50];
for (int i = 0; ... ; ++i)
{
    // Copy to buf[i]...
}
What goes into the middle field of the for loop statement to ensure that a buffer overflow does not happen?
Many pajeets fail at this point of the interview. Will you be one of them?
▶ No.1027201
>>1027194
>Sorry, I'm not a perfect programmer.
You're not even a decent one, as you don't know what a loop invariant is.
▶ No.1027205>>1027207 >>1027224
▶ No.1027207
>>1027205
>I was just pretending to be retarded
▶ No.1027213>>1027221 >>1027228 >>1029824
>>1027199
char buf[50];
for (int i = 0; i <= 50; ++i)
{
    // Copy to buf[i]...
}
Thanks C/C++ for not bounds checking.
▶ No.1027221>>1027222
>>1027213
>he can't write a simple for loop
The average numale programmer, everybody.
▶ No.1027222>>1027226 >>1027310
>>1027221
>cnile is unable to realize he is being mocked
LARPing is a form of braindamage
▶ No.1027224
>>1027205
Then sage you nigger
▶ No.1027226>>1027231
>>1027222
The cnile guy is the LARP spammer. It's like pottery.
▶ No.1027228
>>1027213
Check yourself before you wreck yourself.
▶ No.1027229
OP finds out again that everything in IT is vulnerable
If you want to be safe, just don't use any computer at all
▶ No.1027231
>>1027226
>the absolute retard thinks this is a big revelation
▶ No.1027240>>1027244
>>1027172
You sound like a very high level C programmer. What work do you do?
▶ No.1027244
>>1027240
>he thinks the LARPer knows how to program
▶ No.1027256>>1027258
>>1027170
No, Rust's type checking is bad.
▶ No.1027258
▶ No.1027262>>1027315
>>1027213
char buf[50];
int main () {
    for (int i = 0; i <= 50; i++) {
        buf[i] = 0xFE;
    }
    return 0;
}
$ cppcheck test.c
Checking test.c ...
[test.c:9]: (error) Array 'buf[50]' accessed at index 50, which is out of bounds.
>not using cppcheck
>not using -fsanitize=address for dynamic memory
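The off-by-one that cppcheck flags above, made observable without undefined behaviour, next to the loop bound that keeps the invariant 0 <= i < 50. This is an added example, not code from any post in the thread; `struct guarded`, `CANARY` and `bounded_copy` are hypothetical names, and the guard byte is a constructed stand-in for whatever happens to sit after `buf` in memory.

```c
#include <stddef.h>
#include <string.h>

#define BUF_LEN 50    /* buffer size from the thread's example */
#define CANARY  0x5A  /* constructed guard value */

/* BUF_LEN usable bytes plus one guard byte, so the off-by-one write
 * lands in memory we own and can be observed without undefined behaviour. */
struct guarded { unsigned char mem[BUF_LEN + 1]; };

void guarded_init(struct guarded *g) {
    memset(g->mem, 0, BUF_LEN);
    g->mem[BUF_LEN] = CANARY;
}

int guard_intact(const struct guarded *g) { return g->mem[BUF_LEN] == CANARY; }

/* The loop from the thread: `i <= 50` runs BUF_LEN + 1 times. */
void fill_inclusive(struct guarded *g) {
    for (size_t i = 0; i <= BUF_LEN; ++i)
        g->mem[i] = 0xFE;
}

/* Loop invariant 0 <= i < BUF_LEN holds at every write. */
void fill_exclusive(struct guarded *g) {
    for (size_t i = 0; i < BUF_LEN; ++i)
        g->mem[i] = 0xFE;
}

/* Bounded copy for input of unknown length: writes at most dst_len bytes
 * including the terminator, returns strlen(src) so callers detect truncation. */
size_t bounded_copy(char *dst, size_t dst_len, const char *src) {
    size_t i = 0;
    if (dst_len > 0) {
        for (; i + 1 < dst_len && src[i] != '\0'; ++i)
            dst[i] = src[i];
        dst[i] = '\0';
    }
    return i + strlen(src + i);
}

int main(void) {
    struct guarded g;
    guarded_init(&g);
    fill_inclusive(&g);
    return guard_intact(&g) ? 1 : 0;  /* exit 0: the guard byte was overwritten */
}
```

A return value from `bounded_copy` that is greater than or equal to the destination size means the input was truncated and should be rejected or handled, not silently used.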
▶ No.1027276
>>1027067 (OP)
>>C takes safety and places it into the programmer's hands.
This phrase is sufficient. It illustrates that the two involved parties understand very different things under "safety".
Hence the backing for rust/nu-fox/whatever tranny crusade.
▶ No.1027278
>>1027144
>1337 marketshare
▶ No.1027284>>1027285 >>1027419
>>1027067 (OP)
Can you read? These are vulnerabilities with programmers' implementations. Not the C language.
▶ No.1027285>>1027419
>>1027284
It was posted by a Rust brainlet, of course they can't read
▶ No.1027310
>>1027222
>hur hur I was pretending
Being wrong "on purpose" is still being wrong, retard.
▶ No.1027315>>1027318 >>1027419
>>1027262
C answer: easily put bugs in your software, and then habitually use tools to notice them and dig them back out.
Modern language (and also Ada) answer: make it harder to put bugs in your software.
In C++ you can use a range template that involves a trillion lines of library code and takes three centuries to compile or something. Ada:
with Ada.Text_IO; use Ada.Text_IO;
procedure Bounds is
   Buffer : String (1 .. 50);
begin
   for J in Buffer'Range loop
      Buffer (J) := Character'Val (J);
   end loop;
   Put_Line (Buffer);
end Bounds;
as used:
$ ./bounds|od -c
0000000 001 002 003 004 005 006 \a \b \t \n \v \f \r 016 017 020
0000020 021 022 023 024 025 026 027 030 031 032 033 034 035 036 037
0000040 ! " # $ % & ' ( ) * + , - . / 0
0000060 1 2 \n
0000063
Types have lots of attributes and one of the attributes of array types is all of the valid indexes over the type. This is true regardless of the actual indexes of the type: it could be 1 thru 50 as in this example; it could be 0 thru 49; it could be Monday thru Sunday.
▶ No.1027318>>1027320
>>1027315
That programming language looks niggerlicious.
▶ No.1027320>>1027419 >>1027486 >>1027492
>>1027318
it scores a solid 15/10 for readability. Nothing else comes close. And you can avoid formatting idiosyncrasies with pretty-printed code ala gofmt.
You probably just wallow in stupid shit like using the comma operator to not have to put an assignment on its own line.
▶ No.1027419
>>1027284
>>1027285
see >>1027138
>>1027315
>>1027320
>ada shill LARPing his irrelevant language in a C/C++ thread
every time
>You probably just wallow in stupid shit like using the comma operator
based
▶ No.1027423>>1027506
to be fair, everything has vulnerabilities
Java: insecure deserialization
PHP: file upload, file inclusion, PHP injection, PHP 5 still in use despite no security updates
C++: easy to write code vulnerable to buffer overflow attacks, pointer issues, etc.
Python: 2.7 no longer gets security updates for things like urllib
JavaScript: frameworks come and go in 6 months, and XSS is super common
HTML5: browser lockers abuse HTML features (along with JS)
XML: XXE attacks (XML External Entities)
show me a programming language or piece of software and I will show you a CVE for it
you must be REALLY new to tech if you think something having a vulnerability means it's an outlier
▶ No.1027486>>1027493 >>1027536
>>1027320
>readability
You're joking? It looks like shit. Like all old languages using the begin/end, it's verbose/hard to see blocks and those apostrophes look very out of place.
Look at TCL/Rebol if you want readable.
▶ No.1027492
>>1027320
Begin/end is verbose more than readable
▶ No.1027493>>1027497
>>1027486
Because C is a very modern language amirite.
▶ No.1027497
▶ No.1027506
>>1027423
Spark or a lisp dialect? I'm just curious.
▶ No.1027536>>1027539 >>1027559
>>1027486
>joking
No. Use Ada for a bit and it's impossible to notice how much more readable it is.
>languages using the begin/end
like Ruby? You get a 'begin' with a function, procedure, or declare; mostly you have 'end'. loop ... end loop, for example. end is three letters and the one-byte alternative gets a whole line to its own anyway.
When Ada was introduced in the 80s, it was remarkably verbose compared to other languages. It's not remarkably verbose now. The C++ range template shit is a whole lot more verbose than a 'Range attribute
>apostrophes look very out of place
because of the prevalence of shitty languages that use ' for string literals, any kind of default syntax highlighting won't be kind to Ada.
That's not what you'll be looking at normally, dude.
>TCL/Rebol
now this ain't serious.
▶ No.1027539>>1027541
>>1027536
>It's not remarkably verbose now.
It is. Stop shilling your shit in a C/C++ thread. Make an Ada thread.
▶ No.1027541>>1027542
>>1027539
this is actually a Rust thread.
Which is why it's an Ada thread.
▶ No.1027542
▶ No.1027554
>>1027144
checked and kek'd
▶ No.1027559>>1027565 >>1027570
>>1027536
>like Ruby? You get a 'begin' with a function, procedure, or declare; mostly you have 'end'. loop ... end loop, for example. end is three letters and the one-byte alternative gets a whole line to its own anyway.
How does being a brainlet feel like? Because if you think that the difference between begin/end and braces is the number of chars, you must know.
>>TCL/Rebol
>now this ain't serious.
1) This was about the syntax.
2) Bloatmasters who think that "one PL to rule them all" is better than a high level and low level combination with easy interfacing are just niggers.
▶ No.1027565>>1027570
>>1027559
based and anti saged
▶ No.1027570
>>1027565
and now it's anchored.
>>1027559
>this thing is more verbose than that thing
>but it's not because it's literally longer or anything
>bytes don't matter to the length of a string
because it's vertical space that matters? I feel like someone other than you just finished making that point...
yeah whatever. Ada's amazingly readable and 'end' doesn't contribute to its verbosity at all, and 'begin' is frequently occupying what would be an empty line anyway in another language. Ada as a whole is pretty tolerable; begin/end is just something obvious and easy for you to focus on, since you don't know anything and can't just compare your own code that you've written in one language vs. another.
▶ No.1027575
>>409188
My point is that it's easy to separate actual content from syntax noise when you don't use words for both. That's why sane syntaxes use punctuation for that.
▶ No.1027579
>C/C++ thread gets bumplocked
>Rust thread doesn't
Is varg a Rustfag????
▶ No.1028016
>>1027067 (OP)
What is the "C/C++" language? I've never heard of it.
▶ No.1029824>>1029888
>>1027213
Please, be bait.
▶ No.1029888
>>1029824
Nope. That is pure C/C++ retardation.
▶ No.1038550
i fixed your picture for you 100 percent original
▶ No.1038558
Secure coding is in the back of the book.
I cruise this site for new RCE exploits. https://www.exploit-db.com/
pic not related