True for many applications, but crashing is for many other applications still not acceptable either. If a program crashing can cause loss of life, that is not acceptable either.
I have not dived deep into Cloudbleed, but it looks (in contrast to what the blog post says) like a Ragel compiler bug[0]. Other compilers also target C, like mrustc that compiles Rust code to C code (mrustc is not a proper compiler, since it assumes the code is 100% correct and type checks 100% and does not perform any checks, as I understand it). And rustc's main backend produces IR or something for LLVM. With a compiler bug, also for instance in rustc, memory safety bugs are generally 100% possible.
In the Cloudbleed case, they were using what looks like an old and possibly somewhat obscure language and compiler, Colm and Ragel. They were then migrating away from that, but unfortunately not in time to avoid the bug. One reason why obscure compilers and languages can be iffy to use for production code. Though, for an EDSL like that, it is somewhat disappointing that the Ragel compiler developer did not avoid bugs like that; EDSLs can often be easier to make compilers for than compilers for general-purpose languages.
alt Hacker News
True for many applications, but crashing is for many other applications still not acceptable either. If a program crashing can cause loss of life, that is not acceptable either.
I have not dived deep into Cloudbleed, but it looks (in contrast to what the blog post says) like a Ragel compiler bug[0]. Other compilers also target C, like mrustc that compiles Rust code to C code (mrustc is not a proper compiler, since it assumes the code is 100% correct and type checks 100% and does not perform any checks, as I understand it). And rustc's main backend produces IR or something for LLVM. With a compiler bug, also for instance in rustc, memory safety bugs are generally 100% possible.
In the Cloudbleed case, they were using what looks like an old and possibly somewhat obscure language and compiler, Colm and Ragel. They were then migrating away from that, but unfortunately not in time to avoid the bug. One reason why obscure compilers and languages can be iffy to use for production code. Though, for an EDSL like that, it is somewhat disappointing that the Ragel compiler developer did not avoid bugs like that; EDSLs can often be easier to make compilers for than compilers for general-purpose languages.
[0]:
https://github.com/adrian-thurston/ragel/commit/284f1fb0ba7c...
https://github.com/adrian-thurston/ragel/issues/44#issuecomm...