Good point. You can turn the checks on, but see this discussion about the default: https://github.com/rust-lang/rust/issues/47739

../Dave
On Jun 20, 2019, 12:26 AM -0400, D. Hugh Redelmeier via talk <talk@gtalug.org>, wrote:
| From: D. Hugh Redelmeier via talk <talk@gtalug.org>

| Rust does a few things that are relevant (I think -- I've not actually
| used Rust):

| - unfortunately, I think that Rust only catches integer overflow in
| debug mode. That's a mistake, but it's probably because checking is
| considered too expensive.
| <http://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/>

A very recent CVE against the Linux kernel exploits integer overflow
CVE-2019-11477: SACK Panic (Linux >= 2.6.29)
<https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md>
---
Talk Mailing List
talk@gtalug.org
https://gtalug.org/mailman/listinfo/talk