Typical security issues in C++: lifetime
Walter Bright
newshound2 at digitalmars.com
Thu Dec 8 17:59:01 UTC 2022
On 12/5/2022 11:57 AM, H. S. Teoh wrote:
> Most interestingly, "double free" only has 3 counts of the total, less
> than 1%, compared with "use after free", which constitute the largest
> category of issues. This seems to suggest that it's not memory
> management in general that's necessarily problematic, but it's keeping
> track of the *lifetime* of allocated memory. One could say that this is
> proof that lifetime is a complex problem. But again it's a strong
> argument that the GC brings a major benefit: it relieves the programmer
> from having to worry about lifetime issues. You can instantly be freed
> from 34% of security issues, if the above numbers are anything to go by.
This is a good interpretation of the results.
More information about the Digitalmars-d
mailing list