C can be memory-safe

The idea of memory-safe languages is in the news lately. C/C++ is famous for being the world’s system language (that runs most things) but also infamous for being unsafe. Many want to solve this by hard-forking the world’s system code, either by changing C/C++ into something that’s memory-safe, or rewriting everything in Rust.

Forking is a foolish idea. The core principle of computer-science is that we need to live with legacy, not abandon it.

And there’s no need. Modern C compilers already have the ability to be memory-safe, we just need to make minor — and compatible — changes to turn it on. Instead of a hard-fork that abandons legacy system, this would be a soft-fork that enables memory-safety for new systems.

Consider the most recent memory-safety flaw in OpenSSL. They fixed it by first adding a memory-bounds, then putting every access to the memory behind a macro PUSHC() that checks the memory-bounds:

A better (but currently hypothetical) fix would be something like the following:

size_t maxsize CHK_SIZE(outptr) = out ? *outlen : 0;
This would link the memory-bounds maxsize with the memory outptr. The compiler can then be relied upon to do all the bounds checking to prevent buffer overflows, the rest of the code wouldn’t need to be changed.
An even better (and hypothetical) fix w

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Errata Security

Read the original article: