npub19z…spj90 on Nostr: Uh oh I'm accidentally being topical. The cURL vuln yesterday was a memory safety ...
Uh oh I'm accidentally being topical.
The cURL vuln yesterday was a memory safety issue that wouldn't have happened outside of C/C++, yes, but it was also something else:
It was a handrolled event driven state machine failing to manage its locals and initialization conditions correctly.
My OSFC talk today is on how to avoid _exactly this_ by using async/await in Rust. (C++ coroutines will just make new and exciting memory safety bugs.)
Gotta add a slide I guess.
#rust #curl
The cURL vuln yesterday was a memory safety issue that wouldn't have happened outside of C/C++, yes, but it was also something else:
It was a handrolled event driven state machine failing to manage its locals and initialization conditions correctly.
My OSFC talk today is on how to avoid _exactly this_ by using async/await in Rust. (C++ coroutines will just make new and exciting memory safety bugs.)
Gotta add a slide I guess.
#rust #curl