[TUHS] Buffer overflow found/fixed in v4 tape ;)
Steffen Nurpmeso via TUHS
tuhs at tuhs.org
Tue Jan 6 05:05:58 AEST 2026
Dan Cross via TUHS wrote in
<CAEoi9W6z6Cu4+cw0zQVod9_6NyLKgyA3_3rcD+y+V+y2oW4DSQ at mail.gmail.com>:
|On Mon, Jan 5, 2026 at 12:28 PM Clem Cole via TUHS <tuhs at tuhs.org> wrote:
|> On Mon, Jan 5, 2026 at 12:08 PM Paul Winalski via TUHS <tuhs at tuhs.org> wrote:
|>> The problem with that philosophy is that a buffer overflow doesn't
|>> necessarily lead to a program crash. A program crash is the lucky
|>> outcome. If you're unlucky you will silently get the wrong answer, or
|>> other misbehavior.
|>
|> Right - which is why it took something catastrophic like the Morris Worm
|> and shortly thereafter, the infamous smash the stack paper: (
|> https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf) for
|> people to wake up to the fact that it really was an issue for many
|> programs.
|>
|> I recall that some of the language folks (particularly those heavily
|> involved in the Pascal *vs.* C war) like to say things like: *"See, the
|> compiler should have general bounds-checking code." *I can't say I agreed
|> on the general topic (there were too many things Pascal got wrong), but
|> note that today both Go and Rust provide automatic bounds checking for all
|> array and slice accesses at runtime.
|
|Sadly, Rust turns it off for optimized ("Release") builds. Personally,
|I think that's a mistake; it ought to be an _explicit_ opt-out via a
|dedicated compiler option.
Sad is -- to me -- that this "memory safe" storm blows away any
factualities. Furthermore, it seems anyone is willing to join
into this choir, and as always i do not know why. Maybe an
outcome of some "boring company" (and hoping the term is not
trademarketed beyond usability).
|I used to work with a former Microsofty who had worked on Midori, and
|who told me that M# (the variant of C# they used) did bounds checking
|for _all_ array accesses). At one point they tried to measure the cost
|of doing that, and realized it was down in the noise floor.
...and fact is that any language i know supports bound-checked
array accesses. You only have to code it. And have the
discipline to use that interface, and that interface alone.
This argument extends to more things.
In early September 2024 there was a very long thread on some
FreeBSD list where a long time contributor and kernel hacker
jumped into the at that time "hot" topic (there was that Linux
filesystem discussion thing where a Rust promoter stepped down,
not back, after claiming that ~"blocking Rust" is "non-technical
nonsense" (Google says for "linux rust non-technical nonsense")).
And he said
|> In fact, of all the C bug fixes that I've been involved with (as
|> either author or reviewer) since May, about three quarters could've
|> been avoided just by using a better language.
|...
|> To summarize, here's the list of this week's security advisories, and
|> also some other recent C bug fixes of my own involvement
That really interested me, and i looked over them [1], likely not
longer than a minute code-looking for each one (claiming "the ones
from OpenSSL and ctld are more complex" instead of looking more
deeply), and i ended up saying
Examples. I find the absolute opposite after checking four.
Later in the thread one developer of a patch i did not look
further into because of complexity stated his was ~"not a C error"
either. So that is that.
And then, how could any language help when, as i say in [1],
"a byte buffer of reality matches a structure of a language
abstraction". More than C?
And things often seen in C, beyond that struct{x;y;char flex[];},
where a larger buffer is allocated to store some structure at
the bottom and a buffer thereafter, in one hot memory chunk.
You can create an interface that accesses memory within "flex"
safely, even then.
And then you can use a string object that knows its length.
And all that -- you all know that, better than i do.
In the non-mellow sphere of programmers lots of sledgehammerheads
bang into this "memory safe" notch, as if they were the "king of
the bongo .. bong!".
Whereas i think it is beneficial to create a wider context so that
at least in certain forums different realities can be heard.
Not that it all ends up with AI rewriting any C or C++ code in
Rust, without any little human programmer getting paid for
anything of that rewrite, which does not fix just one logic error.
[1] https://marc.info/?l=freebsd-hackers&m=172557660704363&w=2
Array bound checking, i mean, come on. Cheech and Chong are
beaners without that.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
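The post above argues that a C program can wrap a "struct at the bottom, buffer thereafter, in one hot memory chunk" layout in an interface that only ever touches the flexible member within bounds. The following is an added illustration of that idea, written for this archive page and not code from Steffen or from any of the projects mentioned; the `struct blob` type, its `cap`/`len` members and the `blob_*` function names are assumptions for the example, not an existing API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical header-plus-payload object, allocated as one chunk:
 * the header sits at the bottom, the payload follows in flex[].
 * Member and function names are assumptions for this example. */
struct blob {
    size_t cap;            /* bytes available in flex[] */
    size_t len;            /* bytes currently in use, always <= cap */
    unsigned char flex[];  /* C99 flexible array member */
};

/* Allocate header and payload together; NULL on size overflow or OOM. */
struct blob *blob_new(size_t cap) {
    if (cap > SIZE_MAX - sizeof(struct blob))
        return NULL;                      /* sizeof(*b) + cap would wrap */
    struct blob *b = calloc(1, sizeof(*b) + cap);
    if (b == NULL)
        return NULL;
    b->cap = cap;
    b->len = 0;
    return b;
}

/* Append n bytes; returns 0 on success, -1 if the payload would overflow.
 * Because len <= cap is an invariant, cap - len cannot wrap. */
int blob_append(struct blob *b, const void *src, size_t n) {
    if (n > b->cap - b->len)
        return -1;
    memcpy(b->flex + b->len, src, n);
    b->len += n;
    return 0;
}

/* Read one byte by index; -1 for an index at or past the used length. */
int blob_get(const struct blob *b, size_t i) {
    if (i >= b->len)
        return -1;
    return b->flex[i];
}

/* Copy the used range [off, off + n) out; -1 if it is not fully in use.
 * The check is written so that off + n itself can never overflow. */
int blob_read(const struct blob *b, size_t off, void *dst, size_t n) {
    if (off > b->len || n > b->len - off)
        return -1;
    memcpy(dst, b->flex + off, n);
    return 0;
}

/* Constructed self-check exercising both the accepted and the refused
 * paths. Returns 0 when every expectation holds, otherwise the number
 * of the first step that failed. */
int blob_selftest(void) {
    unsigned char out[4] = {0};
    struct blob *b = blob_new(8);
    int rc = 0;
    if (b == NULL)
        return 1;
    if (blob_append(b, "abcdef", 6) != 0)              rc = 2;  /* 6 of 8 fits */
    else if (blob_append(b, "ghi", 3) != -1)           rc = 3;  /* 6 + 3 > 8: refused */
    else if (b->len != 6)                              rc = 4;  /* refusal left len alone */
    else if (blob_append(b, "gh", 2) != 0)             rc = 5;  /* exactly fills it */
    else if (blob_get(b, 7) != 'h')                    rc = 6;  /* last valid index */
    else if (blob_get(b, 8) != -1)                     rc = 7;  /* one past the end */
    else if (blob_read(b, 5, out, 3) != 0)             rc = 8;  /* [5,8) is in use */
    else if (memcmp(out, "fgh", 3) != 0)               rc = 9;
    else if (blob_read(b, 6, out, 3) != -1)            rc = 10; /* [6,9) runs past len */
    else if (blob_read(b, SIZE_MAX, out, 1) != -1)     rc = 11; /* off > len, no wrap */
    free(b);
    return rc;
}

int main(void) {
    int rc = blob_selftest();
    printf("blob self-test: %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The point is the one the post makes: every write and read goes through a function that consults `cap` and `len`, so the flexible member is never indexed directly by callers, and the size arithmetic is arranged so that no subtraction or addition can wrap before the check runs.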