Comment by IshKebab
2 days ago
Rust does not do "nothing" to prevent logic errors. On the contrary, its strong type system makes them much less likely than in C.
Also, security isn't the only reason to prefer Rust to C.
But I do agree ffmpeg would see a much bigger benefit from being written in Rust.
Look, I like Rust and ported every bit of C I used to it a decade ago, but this is not a compelling argument. The coreutils rewrite is an existence proof that the typing system doesn’t motivate this class of error, and a moment’s thought would explain why (you’d have to be very familiar with the attack patterns to know to create types like “handle to private file failing if the name exists” and they weren’t).
What could help would be a modern API implementing the same patterns that GNU coreutils evolved over the last 4 decades, but that’d be less the language than the library, and it’d only go so far because some of those utilities legitimately need to do things which are otherwise rare in most applications.
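
The kind of type the reply above names ("handle to private file failing if the name exists"), sketched as an added example that is not part of either comment or of any coreutils code. `PrivateNewFile` and `demo` are hypothetical names, the scratch directory is constructed sample input, and a Unix target is assumed.

```rust
use std::fs::{self, File, OpenOptions};
use std::io::{self, ErrorKind, Write};
use std::os::unix::fs::{symlink, OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Hypothetical type (not from any real crate): holding one proves the file
/// was created by this process, owner-only, and not reached via an existing name.
pub struct PrivateNewFile(File);

impl PrivateNewFile {
    pub fn create(path: &Path) -> io::Result<Self> {
        OpenOptions::new()
            .write(true)
            .create_new(true) // O_CREAT|O_EXCL: fails on any existing name, symlinks included
            .mode(0o600)      // permissions set atomically at creation, no chmod window
            .open(path)
            .map(PrivateNewFile)
    }

    pub fn write_all(&mut self, data: &[u8]) -> io::Result<()> {
        self.0.write_all(data)
    }
}

/// Runs three cases in a scratch directory (constructed sample input) and returns
/// (group/other permission bits, second create refused, symlinked name refused).
pub fn demo() -> io::Result<(u32, bool, bool)> {
    let dir = std::env::temp_dir().join(format!("private_new_file_demo_{}", std::process::id()));
    let _ = fs::remove_dir_all(&dir); // clear leftovers from an earlier run
    fs::create_dir_all(&dir)?;
    let target = dir.join("secret.txt");
    let link = dir.join("planted_link");

    let mut f = PrivateNewFile::create(&target)?;
    f.write_all(b"token")?;
    let loose_bits = fs::metadata(&target)?.permissions().mode() & 0o077;
    let exists = |r: io::Result<PrivateNewFile>| matches!(r, Err(ref e) if e.kind() == ErrorKind::AlreadyExists);
    let second_refused = exists(PrivateNewFile::create(&target));
    symlink(dir.join("elsewhere"), &link)?; // dangling symlink already sitting at the name
    let symlink_refused = exists(PrivateNewFile::create(&link));

    fs::remove_dir_all(&dir)?;
    Ok((loose_bits, second_refused, symlink_refused))
}

fn main() -> io::Result<()> {
    println!("{:?}", demo()?);
    Ok(())
}
```

The compiler enforces the invariant only for code that goes through `PrivateNewFile::create`; nothing stops a caller from using `File::create` directly, which follows an existing symlink and truncates whatever it points to.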