Curl audit: How a joke led to significant findings

159 points by campuscodi, over 2 years ago

4 comments

nayuki, over 2 years ago
[2021-02-12] <Daniel Stenberg> Will I ever rewrite curl in rust? I don't believe in rewrites, no matter which language. I believe in replacing code and fixing components gradually over time. That *could* mean that we have a curl written mostly in rust in 10 years. Or in 20 years. Or not. -- https://twitter.com/bagder/status/1360131939794042884

[2023-02-14] <The article> the fuzzer quickly uncovered memory corruption bugs, specifically use-after-free issues, double-free issues, and memory leaks
gigaflops, over 2 years ago
Memory, memory, memory, and memory again. All 4 of them.

Yet everyone’s idea of safety still seems to be “just write bug-free C code, bro”.
CharlesW, over 2 years ago
TLDR: We fuzzed something that wasn't previously fuzzed — specifically, CLI arguments — and found some good bugs. Lesson: Don't forget to fuzz all the methods people might use to interface with your software.
andrewmcwatters, over 2 years ago
Boy if they only used Rust, then these curl commands that no one would ever enter would have been memory safe.