SuperfluousSecJan 23, 2023
yan
the next time one of you finds a UAF in pdfium, please make a PoC exploits it using https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2023/p2739r0.pdf, i would literally pay $5 to see this
Jan 23, 2023 at 1:33amWeb
Show threadGraham Sutherland / PolynomialJan 23, 2023
@bcrypt every time I read through that I can't help but read the quotes around safety as sarcasm
Show thread0xC0DEC0DE07EAJan 23, 2023
@bcrypt how utterly detached from reality do you have to be to think “any good static analyzer (e.g., Clang tidy, that has some CG support) could be made to completely deliver those guarantees”?
Show threadPär BjörklundJan 23, 2023

@c0dec0dec0de @bcrypt "P2687R0 approach lets you apply the safety guarantees only where required" hard to read this as anything else than "unsafe by default"

I'm pretty sure the HPC folks want their simulations to be correct even if it means bounds checking

Show threadNicholas WeaverJan 23, 2023
@bcrypt @fugueish
Why is it called C++? Because it was Stroustrup's grade when he took programming languages.
Show threadJesse HarrisJan 23, 2023
@ncweaver @bcrypt @fugueish Sir, murder is illegal.
Show threadFennix Jan 23, 2023
@ncweaver @bcrypt @fugueish Damn don't tell the guys behind D or F#...
Show threadTamás GulácsiJan 23, 2023
@bcrypt That's horrible. A languge that you can use multitude of ways and secure only if you use it very carefully only one way AND ALL OTHER THIRD PARTY DOES THE SAME, is not a safe language, IMHO .