Hacker News

So?

There are millions of lines of code, from the best C/C++ programmers, even the kernel, that add two ints in all kinds of programs.

Why is this suddenly a valid concern, especially for a code example, not NASA's missile code or Tesla's self-driving libs?



It is not a sudden concern, it has been ignored since C and C++ have existed, and only became worse with code exposed to the world via the Internet.

"Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interests of efficiency on production runs. Unanimously, they urged us not to--they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980, language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law."

-- Tony Hoare, "The 1980 ACM Turing Award Lecture"

Millions of people also drive without a seat belt or helmet; apparently they are a useless extra.


Google for "site:cvedetails.com integer overflow linux"

Yeah, there are places in code like that, and many of those lines have been security vulnerabilities.

For anyone who is surprised by this and is handling untrusted data in C/C++, it's a good idea to read up on the subject.


> Why is this suddenly a valid concern, especially for a code example, not NASA's missile code or Tesla's self-driving libs?

It's been a valid concern for years. I'm not sure where you get "suddenly" from.

And where do you think the people writing NASA or Tesla code tomorrow are learning code from today?


>I'm not sure where you get "suddenly" from.

I'm getting it from the inanity of pointing it out in a sample C++ code in a post announcing a new FFI lib.

It's something people can write 100000 line programs and rarely care to check. So quite far from the first concern that one should have when writing a sample 2 line function to showcase an FFI helper.

In other words, it's as relevant as someone saying 1+1=2 casually and someone pointing out in all pomposity that "actually the representation depends on the base of the number system, in binary it would be 1+1=10".


You read the joke as if it was a Comic Book Guy skit in the Simpsons, but I intended to convey it more like a Sideshow Bob & rake situation. "Ok, let's make a C++ extension" blam "Grml grml grml..."

I guess it depends if your expectations are those of a Python programmer or those of a C++ programmer.


> I guess it depends if your expectations are those of a Python programmer or those of a C++ programmer.

That's a very good point, especially since there are people in this thread looking to use Pybind11 to speed up their existing Python code. They should be aware of the serious risks to correctness if they naively reimplement their Python code in C++. (People who regularly write in C or C++, we would hope, have heard this a thousand times before.)
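The overflow the thread keeps circling back to is concrete: Python's `int` is arbitrary-precision, while `a + b` on two `int32_t` values in C++ is undefined behaviour when the mathematical result does not fit, so a function ported naively from Python changes meaning. The block below is an added example, not code from the thread or from pybind11; it shows two ways of adding two 32-bit ints that report overflow instead of silently miscomputing. `checked_add` uses the `__builtin_add_overflow` intrinsic available in GCC and Clang (an assumption about the toolchain); `checked_add_portable` uses only limit comparisons and works with any standard compiler.

```cpp
#include <climits>
#include <cstdint>
#include <iostream>
#include <optional>

// Checked addition using the GCC/Clang intrinsic. The builtin computes the
// exact sum and reports whether it fit in the destination type, so no
// signed overflow is ever evaluated (assumes a GCC/Clang-compatible compiler).
std::optional<int32_t> checked_add(int32_t a, int32_t b) {
    int32_t result;
    if (__builtin_add_overflow(a, b, &result)) {
        return std::nullopt;  // caller decides: raise, saturate, or widen
    }
    return result;
}

// Portable variant: decide from the operands whether the sum fits before
// performing it. Both comparisons stay inside the int32_t range, so the
// function itself never triggers undefined behaviour.
std::optional<int32_t> checked_add_portable(int32_t a, int32_t b) {
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b)) {
        return std::nullopt;
    }
    return a + b;
}

// Third option for code ported from Python: compute in a wider type and
// range-check once, which is often the cheapest fix for a two-line helper.
std::optional<int32_t> checked_add_widen(int32_t a, int32_t b) {
    int64_t wide = static_cast<int64_t>(a) + static_cast<int64_t>(b);
    if (wide < INT32_MIN || wide > INT32_MAX) {
        return std::nullopt;
    }
    return static_cast<int32_t>(wide);
}

int main() {
    // Constructed inputs: one ordinary pair and two boundary pairs.
    const int32_t cases[][2] = {{1, 2}, {INT32_MAX, 1}, {INT32_MIN, -1}};
    for (const auto& c : cases) {
        auto r = checked_add(c[0], c[1]);
        std::cout << c[0] << " + " << c[1] << " -> "
                  << (r ? std::to_string(*r) : "overflow") << '\n';
    }
    return 0;
}
```

All three helpers agree on every input; the choice between them is about toolchain portability and cost, not correctness. For a pybind11-wrapped function the natural caller behaviour on `std::nullopt` is to throw, so the Python side sees an exception rather than a wrong number.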



