[Info-vax] Rust as a HS language, was: Re: Quiet?
Arne Vajhøj
arne at vajhoej.dk
Wed Apr 6 09:30:30 EDT 2022
On 4/5/2022 2:05 PM, Simon Clubley wrote:
> It looks like Rust has come up with rather unique ways to screw up:
I think you have a mysterious understanding of what is unique in
programming.
(and this is not Rust as such but libraries written in Rust)
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=rust
>
> Take this one (which I picked at random) for example:
>
> https://rustsec.org/advisories/RUSTSEC-2020-0148.html
This is actually 3 problems.
Two problem with code that is not thread safe.
One problem with is a gross violation of Rust rules.
Neither is particular unique.
I am willing to claim that you can find examples of concurrency
problems in most languages.
And the last problem may not happen in high level languages, but
you can certainly do it in C - you can cast a const something *
to a something *. And likely pay the price at some point in time.
But note that all 3 are marked unsafe. So they are code that
should be reviewed extra careful.
> Or this one (which is a nice good old fashioned out of bounds memory access):
>
> https://rustsec.org/advisories/RUSTSEC-2020-0039.html
Very common error.
Definitely not unique.
And again the code is marked unsafe aka checks explicit disabled.
Default checked with ability to disable check is probably the best
that is possible for a low level language.
Arne
More information about the Info-vax
mailing list