Good point. You can turn the checks on, but see this discussion about the default: https://github.com/rust-lang/rust/issues/47739 ../Dave On Jun 20, 2019, 12:26 AM -0400, D. Hugh Redelmeier via talk <talk@gtalug.org>, wrote:
| From: D. Hugh Redelmeier via talk <talk@gtalug.org>
| Rust does a few things that are relevant (I think -- I've not actually | used Rust):
| - unfortunately, I think that Rust only catches integer overflow in | debug mode. That's a mistake, but it's probably because checking is | considered too expensive. | <http://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/>
A very recent CVE against the Linux kernel exploits integer overflow CVE-2019-11477: SACK Panic (Linux >= 2.6.29) <https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md> --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk