From: tnp@invalid.invalid   
      
   On 05/02/2026 13:45, Lars Poulsen wrote:   
   > On 2026-02-04, c186282  wrote:   
   >>     Being able to pass pointers back and forth is   
   >>     a strong point with 'C'. In theory this COULD   
   >>     be exploited by evil actors, but I can't find   
   >>     any clear doc on whether it's been done to   
   >>     any relevant degree. Most security probs result   
   >>     from developer stupidity, not from the underlying   
   >>     language and methods.   
   >>   
   >>     Amazing how many still allocate mem, or even   
   >>     just string space or use thereof, without the   
   >>     slightly newer functions that let you specify   
   >>     just HOW many bytes are involved. "Buffer   
   >>     overflow" is still a prime attack vector. Keep   
   >>     seeing it in M$ warning notes and no doubt   
   >>     there's similar idiocy in Linux/UNIX apps   
   >>     as well.   
   >   
   > This was the great thing about i286 protected mode.   
   > It was trivial to substitute a malloc()/free() pair where   
   > malloc()'ed structures were segment that would trap any buffer   
   > overflows.   
   >   
   >   
   C memory issues seem to amount to two things only.   
      
   Use of local buffers which may get overrun and then smash the stack...   
   mismatched allocation and de allocation of memory by library functions.   
   Leading to overwrites, memory segfauilts or memory leaks.   
      
   The first is of course implementation specific. C can specify a data   
   stack separate from a program stack and avoid code corruption, leaving   
   only data corruption...   
      
   And today's hardware is RAM loaded. Programmers merely need avoid   
   dynamic allocation of memory, altogether.   
      
      
   --   
   No Apple devices were knowingly used in the preparation of this post.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)