Comment by oconnor663
4 months ago
Granted, there are plenty of people who don't understand these issues very well who think "Rust = no bugs". Of course they're wrong. But that said, this CVE is an interesting example of just how high the bar is that Rust sets for correctness/security. The bug is that, if you pass 18446744073709551616 as the width argument to this array transpose function, you get undefined behavior. It's not clear whether any application has ever actually done this in practice; the CVE is only about how it's possible to do this. In most C libraries, on the other hand, UB for outrageous size/index parameters would be totally normal, not even a bug, much less a CVE. If an application screwed it up, maybe you'd open a CVE against the application.
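An added example (not the commenter's code and not the affected crate's code, whose real signature is unknown here) of the class of bug the comment describes: a transpose that validates its dimensions with wrapping multiplication accepts an empty buffer claiming 2^63 x 2 elements, because the product wraps to 0, while `checked_mul` rejects it.

```rust
/// Naive dimension check: `width * height` with wrapping arithmetic,
/// which is what release-mode Rust does for plain `*` unless overflow
/// checks are enabled. Returns true when the (possibly wrapped) product
/// equals the buffer length.
fn naive_dims_ok(len: usize, width: usize, height: usize) -> bool {
    width.wrapping_mul(height) == len
}

/// Hardened check: refuse dimensions whose product overflows `usize`,
/// then require the product to match the buffer length exactly.
fn checked_dims(len: usize, width: usize, height: usize) -> Option<usize> {
    let n = width.checked_mul(height)?;
    if n == len { Some(n) } else { None }
}

/// Transpose a row-major `width` x `height` matrix into a
/// `height` x `width` one. Returns None instead of indexing out of
/// bounds (or, with `get_unchecked`, invoking UB) on bad dimensions.
fn transpose<T: Copy>(data: &[T], width: usize, height: usize) -> Option<Vec<T>> {
    let n = checked_dims(data.len(), width, height)?;
    let mut out = Vec::with_capacity(n);
    for x in 0..width {
        for y in 0..height {
            // Every index here is < n == data.len(), so this cannot fail.
            out.push(data[y * width + x]);
        }
    }
    Some(out)
}

fn main() {
    // Constructed hostile dimensions: 2^(bits-1) * 2 wraps to exactly 0.
    let big = usize::MAX / 2 + 1;
    let empty: [u8; 0] = [];
    println!("naive check accepts 2^63 x 2 on an empty buffer: {}",
             naive_dims_ok(empty.len(), big, 2));
    println!("checked transpose of the same input: {:?}",
             transpose(&empty, big, 2));
    println!("3x2 transpose: {:?}", transpose(&[1, 2, 3, 4, 5, 6], 3, 2));
}
```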
Many exploits work because an attacker tweaks the circumstances to some unlikely situation.
> Many exploits work because an attacker tweaks the circumstances to some unlikely situation.
True, but I think you're ignoring his/her point, which is: many languages, if the problem is UB, won't seek to fix the underlying problem. Their answer is: "Don't do that." Whereas Rust doesn't shirk its responsibility in those situations, to fix what is, here, even a theoretical issue.
By "many languages ... do" I assume you mean the people involved. Once you see more Rust code, you will see more such issues, more unmaintained libraries with such issues, and more programmers that do not care all that much, because they are not enthusiastic members of the Rust community caring a lot about memory safety, but people doing some job.
BTW are you Martin Uecker?
Yes