Great introduction for a programmer audience. What I didn't get is what is meant by not allocating via new. The solution can't be make_shared, since it's also on the "not to do list", malloc is a worse idea, as, I presume, is not allocating on the heap at all. Should we put everything in pre-allocated buffers :-)? Can anybody clarify?
usually if you're writing new, you're trying to manage the lifetime yourself. Which is difficult and easy to mess up. Instead stuff like unique_ptr, vector, and such are used since they are exception safe. shared_ptr makes it very ambiguous as to what owns the memory, which is why it's avoided.
34:45, I once generated a dragon of a bug by cleverly compress 2 lines into 1. It ended up with ?: inside ?:, I don't know how many times. I guess there were 8 cases, in which those ?: were wrong about 2 of them. Automated tests would had clean that easily. 38:37, could you give an example? I use old style enum _a lot_ , and I don't get into trouble.
Not something to be proud of but her claim at 30:20 is wrong: "Incorrect type conversion [...] something you can do in C and C++ that you can't do in other languages". Here is a D program that does the same: struct A {} struct B {} void main() { auto a = new A(); auto b = cast(B*)a; }
Ali Cehreli Thank you, I don’t know D, probably there are other languages that can do hard casts as well without runtime errors, my point was that in most languages this is not possible, but I didn’t make that clear. I did learn something about D, though, so TIL
In natural language “can't do in other languages” can be translated to “can't do in most other widely used languages”, not necessarily “can't do in any other languages”.
wouldn't call that entirely wrong. didn't say "_all_ other languages". considering professional background, i expect the word "java" is to be substituted in for "other languages" :)
![[#2024MAMA] G-DRAGON - 무제(Untitled, 2014)+POWER+HOME SWEET HOME+뱅뱅뱅+FANTASTIC BABY | Mnet 241123 방송](http://i.ytimg.com/vi/Ox29z5Nf1Uk/mqdefault.jpg)
Fantastic job explaining the way exploits are written. Thanks!!
Awesome, Thanks for video
Excellent talk, thank you!
Great introduction for a programmer audience.
What I didn't get is what is meant by not allocating via new. The solution can't be make_shared, since it's also on the "not to do list", malloc is a worse idea, as, I presume, is not allocating on the heap at all. Should we put everything in pre-allocated buffers :-)? Can anybody clarify?
usually if you're writing new, you're trying to manage the lifetime yourself. Which is difficult and easy to mess up. Instead stuff like unique_ptr, vector, and such are used since they are exception safe. shared_ptr makes it very ambiguous as to what owns the memory, which is why it's avoided.
34:45, I once generated a dragon of a bug by cleverly compress 2 lines into 1. It ended up with ?: inside ?:, I don't know how many times. I guess there were 8 cases, in which those ?: were wrong about 2 of them. Automated tests would had clean that easily.
38:37, could you give an example? I use old style enum _a lot_ , and I don't get into trouble.
Not something to be proud of but her claim at 30:20 is wrong: "Incorrect type conversion [...] something you can do in C and C++ that you can't do in other languages". Here is a D program that does the same:
struct A {}
struct B {}
void main() {
auto a = new A();
auto b = cast(B*)a;
}
Ali Cehreli Thank you, I don’t know D, probably there are other languages that can do hard casts as well without runtime errors, my point was that in most languages this is not possible, but I didn’t make that clear. I did learn something about D, though, so TIL
In natural language “can't do in other languages” can be translated to “can't do in most other widely used languages”, not necessarily “can't do in any other languages”.
wouldn't call that entirely wrong. didn't say "_all_ other languages". considering professional background, i expect the word "java" is to be substituted in for "other languages" :)
It's trivial in Pascal too (not that Pascal is really a relevant language these days).
"turtle sex" on the first slide?
turtle security
Totally a waste of time, for the same subject watch Matthew Butler's talk.