Linked by Thom Holwerda on Tue 22nd May 2012 23:26 UTC
Internet & Networking "Just over two months ago, Chrome sponsored the Pwnium browser hacking competition. We had two fantastic submissions, and successfully blocked both exploits within 24 hours of their unveiling. Today, we'd like to offer an inside look into the exploit submitted by Pinkie Pie." A work of pure art, this. Also, this is not the same person as the other PinkiePie. Also also, you didn't think I'd let a story with a headline like this go by unnoticed, did you?
Thread beginning with comment 519126
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[8]: Comment by Radio
by kwan_e on Wed 23rd May 2012 13:50 UTC in reply to "RE[7]: Comment by Radio"
kwan_e
Member since:
2007-02-18

A safer language would have a runtime error when such situations get detected.


Let's forget for a moment that C++ has both the STL and Boost, which demonstrate how to use C++ without needing pointer math, if they themselves can't be used...

Without pointer math no need for logic errors that turn into buffer exploits.


Really, so how would a language like Ada, which you mentioned, handle buffers (arrays) without "pointer math"? And, pray tell, how do you propose a "safe" language like Ada communicate with a GPU without passing it raw buffer instructions?

You're seriously trying to tell me that a "safe" language can read a programmer's mind and work out how to translate its memory model into something the GPU knows?

Here's a hint, any "safe" language requiring such functionality will need to have it written for it, which does nothing to prevent a similar bug from being introduced in that manner.

My Quantum Dot! What kind of people do they churn out of CS courses these days?

Reply Parent Score: 2

RE[9]: Comment by Radio
by moondevil on Wed 23rd May 2012 14:20 in reply to "RE[8]: Comment by Radio"
moondevil Member since:
2005-07-08

Let's forget for a moment that C++ has both the STL and Boost, which demonstrate how to use C++ without needing pointer math, if they themselves can't be used...


Library != Language

Really, so how would a language like Ada, which you mentioned, handle buffers (arrays) without "pointer math"?


With normal indexes, coupled with bound checked access.

My Quantum Dot! What kind of people do they churn out of CS courses these days?


Same to you, end of conversation. Bye.

Reply Parent Score: 2

RE[10]: Comment by Radio
by kwan_e on Wed 23rd May 2012 14:29 in reply to "RE[9]: Comment by Radio"
kwan_e Member since:
2007-02-18

"Let's forget for a moment that C++ has both the STL and Boost, which demonstrate how to use C++ without needing pointer math, if they themselves can't be used...


Library != Language
"

Newsflash, C++ was designed in such a way that libraries were supposed to do most of the heavy lifting. This is from Bjarne Stroustrup's book and many of his writings. For C++, library is a major part of the language.

"Really, so how would a language like Ada, which you mentioned, handle buffers (arrays) without "pointer math"?


With normal indexes, coupled with bound checked access.
"

Of course. Ada magically can write things to memory without pointer math under the covers. Pointer math that, incidentally get written by compiler writers.

More pointedly is how you managed to evade the question of how a language was supposed to interface with a GPU, as they are currently designed, without manual manipulation of buffers in their rawest forms.

"My Quantum Dot! What kind of people do they churn out of CS courses these days?


Same to you, end of conversation. Bye.
"

Love it or hate it, I consider anyone who comes out of a CS degree not understanding the design principles of a language like C++ to be deficient. Like it or not, for C++, library == language - INTENTIONALLY.

You have no business claiming to understand software development if you don't bother understanding the full extent of the tools you use.

Reply Parent Score: 3