"sketchy c code" is a tautology | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		orangepurple on Sept 27, 2022 \| parent \| context \| favorite \| on: WhatsApp Remote Code Execution in Video Call "sketchy c code" is a tautology

yjftsjthsd-h on Sept 27, 2022 [–]

No, OpenBSD and sqlite exist; "sketchy c code" is only mostly redundant.

j-krieger on Sept 28, 2022 | [–]

Sqlite has had multiple CVEs featuring use-after-free, heap overflows, usage of null pointers, use of uninitialized memory, and array bounds overflows. [1]

Those could all be avoided by not using C.

[1]: https://www.sqlite.org/cves.html

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact