Hacker News new | past | comments | ask | show | jobs | submit login

So we need a new flag for gcc that writes zeros to any block of allocated memory before malloc returns, not a new language.



You'd probably want an alternative libc implementation rather than a compiler flag.

However, calloc everywhere won't save you from smashing the stack or pointer type confusion (a common source of JavaScript exploits). Very rarely is leftover data from freed memory the source of an exploit.


If only the very competent people that decided to create Rust had thought of asking you for the solution instead...

Have a little humility.


That wouldn't make it safe. It would just make it crash in a different way, and still be vulnerable to exploitation by an attacker.


We have that already. There are still other problems that exist.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: