Hacker News new | comments | ask | show | jobs | submit login

> You have to watch what compiler flags you use, like someone turning off stack cookies, not using clang's sanitizers. Check out https://clang.llvm.org/docs/AddressSanitizer.html it would have prevented the Heartbleed vulnerability if it existed at the time.

If that was true, then so would Valgrind have, and Valgrind was in wide use at the time.

It was however more complicated than that. If my memory serves me right - OpenSSL had its own memory management.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact