20 Jun 2019, 12:26 a.m.
| From: D. Hugh Redelmeier via talk <talk@gtalug.org>
|
| Rust does a few things that are relevant (I think -- I've not actually
| used Rust):
|
| - unfortunately, I think that Rust only catches integer overflow in
|   debug mode. That's a mistake, but it's probably because checking is
|   considered too expensive.
|   <http://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/>

A very recent CVE against the Linux kernel exploits integer overflow

CVE-2019-11477: SACK Panic (Linux >= 2.6.29)
<https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md>
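An added example, not part of the original message or of any project mentioned in it: the overflow behaviour discussed above, shown on a hypothetical 16-bit segment counter with constructed values. The explicit `wrapping_add`, `checked_add` and `saturating_add` methods behave the same in debug and release builds, so the result does not depend on whether the profile enables overflow checks.

```rust
// Added illustration; function names and sample values are hypothetical.
// In Rust, plain `a + b` on integers panics on overflow when overflow checks
// are enabled (the default for debug builds) and wraps when they are disabled
// (the default for release builds). The methods below fix the behaviour
// explicitly, independent of the build profile.

/// Mirrors what plain `+` does with overflow checks off: wraps silently.
fn merge_wrapping(counts: &[u16]) -> u16 {
    counts.iter().fold(0u16, |acc, &c| acc.wrapping_add(c))
}

/// Checked in every profile: overflow becomes an error the caller must handle.
fn merge_checked(counts: &[u16]) -> Result<u16, String> {
    counts.iter().enumerate().try_fold(0u16, |acc, (i, &c)| {
        acc.checked_add(c)
            .ok_or_else(|| format!("segment count overflows u16 at buffer {}", i))
    })
}

/// Clamps at u16::MAX instead of wrapping; the value stays an upper bound.
fn merge_saturating(counts: &[u16]) -> u16 {
    counts.iter().fold(0u16, |acc, &c| acc.saturating_add(c))
}

fn main() {
    // Constructed sample: the true sum is 70_000, which does not fit in u16.
    let counts = [40_000u16, 20_000, 10_000];

    println!("wrapping:   {}", merge_wrapping(&counts));
    println!("saturating: {}", merge_saturating(&counts));
    match merge_checked(&counts) {
        Ok(total) => println!("checked:    {}", total),
        Err(e) => println!("checked:    rejected ({})", e),
    }
}
```

To keep the panic-on-overflow behaviour for plain arithmetic in optimized builds, set `overflow-checks = true` under `[profile.release]` in `Cargo.toml`.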