Techly NewsGet the app

Get the latest tech news

Taming the UB Monsters in C++


For more background on safety and security issues related to C++, including definitions of “language safety” and “software security” and similar terms, see my March 2024 essay “C++ safety, in conte…

If we do nothing more than take away the UB that can be used as building blocks for RCE (even if we still allowed other corruption), then bad actors would lose most of the tools they use to gain control over execution and run their malware, and we would dramatically harden the world’s code. As Úlfar notes (emphasis added): “This is a big change and will require a team effort: Researchers and standards bodies need to work together to define a set of protection profiles that can be applied to secure existing software — without new risks or difficulties — easily, at the flip of a flag …” Yes, there’s still a great deal of work ahead, but if we can make a solid push over the next one to two years we do have a real shot at systematically addressing UB in C++, including eliminating nearly all remote code execution attacks.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of C++

C++

Photo of ub monsters

ub monsters

Related news:

News photo

Writing your own C++ standard library from scratch

News photo

A Guide to Undefined Behavior in C and C++ (2010)

News photo

Show HN: Cppmatch – Rust-Like Pattern Matching and Error Handling for C++

« Odd Lots: Nick Denton’s Big Bet Against the US (Podcast)
Talkin’ about a Revolution »