alt Hacker NewsMemory safety doesn't mean it's safe. And C++ doesn't mean it's unsafe.
Browsers are in C++, do you not use them? Curl is in C, do you not use it? Kernel is C...
Memory safety doesn't mean it's safe. And C++ doesn't mean it's unsafe.
Browsers are in C++, do you not use them? Curl is in C, do you not use it? Kernel is C...
Chrome uses sandboxing and a lot of safe tooling (wuffs, rust) for untrusted data.
curl is heavily fuzzed and you still mostly control what you are downloading unless the target is compromised.
With logs the attacker controls what goes into your logs.
And you don't need to really look very hard, there are a fair number of very recent stack and heap overflows: https://github.com/tstack/lnav/issues?q=is%3Aissue%20heap%20...