Announcement

Collapse
No announcement yet.

GCC 14 Boasts Nice ASCII Art For Visualizing Buffer Overflows

Collapse
X
Collapse
 
  • Page of 2
  • Filter
  • Time
  • Show
Clear All
new posts
Previous 1 2 template Next
  • #1

    GCC 14 Boasts Nice ASCII Art For Visualizing Buffer Overflows

    Phoronix: GCC 14 Boasts Nice ASCII Art For Visualizing Buffer Overflows

    David Malcolm of Red Hat's compiler team is out with his annual blog post summarizing the static analysis improvements to find with the upcoming GCC 14 stable compiler release...

    GCC 14 Boasts Nice ASCII Art For Visualizing Buffer Overflows - Phoronix
    https://www.phoronix.com/news/GCC-14-fanalyzer-Enhancements
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
    • Likes 3
  • #2
    Just because it's a gimmick and because people tend to call things a joke around April 1st, I'm gonna call this a nice April Fools joke.
    • Likes 3

    Comment

    • #3
      In the meantime: Rust has the compiler that prevents buffer overflows and shows helpful compiler messages in general.

      /offtop

      ---

      The pictures do look pretty, anything that makes a better software is welcome 👍
      Last edited by murlakatamenka; 03 April 2024, 11:34 AM.
      • Likes 8

      Comment

      • #4
        Originally posted by Vistaus View Post
        Just because it's a gimmick and because people tend to call things a joke around April 1st, I'm gonna call this a nice April Fools joke.
        FWIW I considered implementing a new warning: -Wits-2024-why-are-you-still-using-a-memory-unsafe-language for April 1st, but thought better of it :-P

        I agree that the ASCII art is somewhat gimmicky, but I've been trying to run the analyzer on the Linux kernel and I've found the diagrams helpful when looking through the results to more quickly get an idea of what the analyzer is "thinking" (I haven't found any new true vulnerabilities with it, merely verified that it detects some historical ones).

        • Likes 5

        Comment

        • #5
          love it, both cool and useful
          • Likes 14

          Comment

          • #6
            This is pretty cool and potentially very useful.

            People are visual creatures that understand concepts better if they can get a visual representation.

            Something like this will make it easy even for open source "developers" to be able to see what they are doing wrong.
            • Likes 11

            Comment

            • #7
              Originally posted by murlakatamenka View Post
              In the meantime: Rust has the compiler that prevents buffer overflows and shows helpful compiler messages in general.
              It's not the only language in town able to do that. Java has had protection against buffer overflows since 1995. Python, PHP, C# etc. all handle those gracefully. You'd need a dependently typed language to prevent those at compile time. But there are those languages as well.
              • Likes 2

              Comment

              • #8
                Originally posted by murlakatamenka View Post
                In the meantime: Rust has the compiler that prevents buffer overflows and shows helpful compiler messages in general.

                /offtop

                ---

                The pictures do look pretty, anything that makes a better software is welcome 👍
                I shill Rust as much as the next guy, but we have got to stop beating the "memory safety" drum. That ain't special

                I think enums and not needing sentinel values is a much bigger selling point. The Result enum alone is a bigger game changer than the same level of memory safety every modern language has

                The second thing we gotta stop doing is never shutting up about Rust
                • Likes 11

                Comment

                • #9
                  Originally posted by Vistaus View Post
                  Just because it's a gimmick and because people tend to call things a joke around April 1st, I'm gonna call this a nice April Fools joke.
                  Given how far off April Fools Day was (many many hours as of this post) I guess your clocks are not sync'd to NTP?
                  • Likes 2

                  Comment

                  • #10
                    Originally posted by bacteriamanicure View Post

                    I shill Rust as much as the next guy, but we have got to stop beating the "memory safety" drum. That ain't special

                    I think enums and not needing sentinel values is a much bigger selling point. The Result enum alone is a bigger game changer than the same level of memory safety every modern language has

                    The second thing we gotta stop doing is never shutting up about Rust
                    Plenty of us do, myself included. Rust is a really good tool for some things and I'm quite content to use it or those things. I don't run around beating a drum about it, though.

                    But I absolutely will hammer that drum on the memory safety talking point when someone who is rather green to the IT world argues that we need to stay with C. I've spent too many late nights patching memory vulnerabilities to have any patience for such nonsense.
                    • Likes 3

                    Comment

                    Previous 1 2 template Next
                    Working...
                    X