The future isn't evenly distributed. I recently discovered an actively developed software project that had a ton of helper functions based on the design of `gets` with the same vulnerability. Surprisingly not all C/C++ developers have learned yet to recoil in horror at seeing a buffer pointer being passed around without a length. (C++'s std::span was very convenient for fixing the issue by letting the buffer pointer and length be kept together, exactly like Go and Rust slices.)

▲

user_7832 a day ago | parent [-]

> Surprisingly not all C/C++ developers have learned yet to recoil in horror at seeing a buffer pointer being passed around without a length.

As someone who wasn't taught better (partly due to not picking CS as a career stream), are there any languages which avoid such vulnerability issues? Does something like rust help with this?

	▲	pjmlp a day ago \| parent \| next [-]
		Almost everything else, besides any language that is copy-paste compatible with C, including systems languages that predate C for a decade, like JOVIAL, ESPOL, NEWP, PL/I and other ALGOL inspired systems languages. Xerox PARC started with BCPL for their systems, but eventually created Mesa exactly for safe systems programming. https://en.wikipedia.org/wiki/Mesa_(programming_language) http://toastytech.com/guis/star.html "The Mesa Programming Environment" - very first IDE for a systems language https://www.digibarn.com/friends/curbow/star/XDEPaper.pdf While Pascal as originally designed wasn't suitable for systems programming, and various dialects sprung out of it, with Object Pascal from Apple/Borland being the most famous one, by 1978 the first standard for Modula-2 was released, which was inspired in Mesa, after Niklaus Wirth spent a sabaticall year at Xerox PARC. Years later, through a similar experience, the evolution of Mesa (Cedar) would influence him to come up with Oberon. https://en.wikipedia.org/wiki/Modula-2 https://www.modula2.org/modula2-history.php Then there was Ada, although too expensive to get compilers and high hardware requirements for 1980's computers. Also all BASIC compilers in the 8 and 16 bit home computers had support for low level systems programming. In recent programming languages, something like Zig would be the closest to what those languages were offering, in safety without having a GC of some form. Naturally this takes cares of most C flaws, minus use-after-free, however due to their type systems, one tends to use heap allocations less than in C, although it remains an issue.
	▲	AgentME 16 hours ago \| parent \| prev [-]
		Yes, Rust protects against this and so does almost every language with garbage collection (Java, C#, Python, JS/TS, etc). C/C++ are pretty unique in being some of the only popular languages remaining that don't protect you from memory safety issues often causing exploitable vulnerabilities.