@shlee All of this could've been avoided if it was written in the OG #MemorySafe #Ada / #SPARK (normally I'd say #CommonLisp, but on very resource-constrained platforms it performs a bit worse, such hosts do call for Ada) like it should've been.
Writing any new non-toy #software in C or similar #MemoryUnsafe languages is gross #negligence, nothing else.
It's kind of amusing & sad to me how basically every single government #spyware / attack tool that's publicly known and heard of essentially relies on a chain of vulnerabilities that wouldn't exist if it weren't for the gross disregard for #security in software and the persistent use of #MemoryUnsafe languages.
Just about every single attack I hear of *starts* with basic memory corruption that #MemorySafe languages wouldn't permit at all.
There's no excuse, #CommonLisp and #Ada are old.
@alex Awesome, yet another "codec implementations exposed to arbitrary third-party data should never be written in #MemoryUnsafe languages" bug.
I've been calling this one for a while now.
If they don't want to write it in #CommonLisp for some reason, #Ada #SPARK has been around for over 30 years now.
Rod2ik 🇪🇺 🇨🇵 🇪🇸 🇺🇦 🇨🇦 🇩🇰 🇬🇱 ☮🕊️
LisPi