jahboater
Posts: 5931
Joined: Wed Feb 04, 2015 6:38 pm
Location: West Dorset

Re: Anyone using Rust on a PI ?

Sun Aug 09, 2020 10:56 pm

ejolson wrote:
Sun Aug 09, 2020 10:42 pm
-rwxr-xr-x 1 root root 25804 Aug 9 22:36 cal
Wow!
The dynamically linked modern cal is larger than that.
29K on my Pi4 64-bit!

I see we have ncal now.
Pi4 8GB running PIOS64 Lite

ejolson
Posts: 5595
Joined: Tue Mar 18, 2014 11:47 am

Re: Anyone using Rust on a PI ?

Sun Aug 09, 2020 11:17 pm

jahboater wrote:
Sun Aug 09, 2020 10:56 pm
ejolson wrote:
Sun Aug 09, 2020 10:42 pm
-rwxr-xr-x 1 root root 25804 Aug 9 22:36 cal
Wow!
The dynamically linked modern cal is larger than that.
29K on my Pi4 64-bit!

I see we have ncal now.
It seems the musl C library is good for static linking on Linux these days. I don't know what's with ncal. Could there be some parallel processing in there?

Why does

Code:

$ ldd /usr/bin/ncal
        linux-vdso.so.1 (0xbef13000)
        /usr/lib/arm-linux-gnueabihf/libarmmem-${PLATFORM}.so => /usr/lib/arm-linux-gnueabihf/libarmmem-v7l.so (0xb6ee1000)
        libtinfo.so.5 => /lib/arm-linux-gnueabihf/libtinfo.so.5 (0xb6eb2000)
        libbsd.so.0 => /usr/lib/arm-linux-gnueabihf/libbsd.so.0 (0xb6e8a000)
        libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0xb6d3c000)
        /lib/ld-linux-armhf.so.3 (0xb6ef6000)
        librt.so.1 => /lib/arm-linux-gnueabihf/librt.so.1 (0xb6d25000)
        libpthread.so.0 => /lib/arm-linux-gnueabihf/libpthread.so.0 (0xb6cfb000)
report that libpthread is needed?

Note that I updated the code for the original cal.c in the previous post carefully preserving tabs and the spacing is now correct on all systems. Strangely, the size of the binary did not change at all.

If for some reason you translate the original version of cal.c to Rust be careful of tabs in quotation marks. Otherwise, how could anyone use Rust on a Pi?

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 12:34 am

ejolson wrote:
Sun Aug 09, 2020 9:05 pm
How can I make a shared library with Rust?
Like so:
https://doc.rust-lang.org/1.5.0/book/ru ... uages.html
Memory in C++ is a leaky abstraction .

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 1:08 am

ejolson wrote:
Sun Aug 09, 2020 9:05 pm
I suspect many people consider a systems programming language to be the one in which you would write the entire operating system not just the kernel.
Many people would be wrong :)

By that definition Java is a systems programming language because the Android OS is written in Java.

I guess everyone can have their own definition of "system" and hence include or exclude whatever language they like when they say "systems programming language". The term loses all common meaning.
Memory in C++ is a leaky abstraction .

ejolson
Posts: 5595
Joined: Tue Mar 18, 2014 11:47 am

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 2:16 am

Heater wrote:
Mon Aug 10, 2020 12:34 am
ejolson wrote:
Sun Aug 09, 2020 9:05 pm
How can I make a shared library with Rust?
Like so:
https://doc.rust-lang.org/1.5.0/book/ru ... uages.html
That seems to be an example of linking a rust routine into Ruby and Python. I was more thinking of turning a crate of hash browns into a shared library that could be dynamically linked and shared between different Rust programs. Is it as simple as defining

Code:

crate-type = ["dylib"]
somewhere in the hashbrown crate?

ejolson
Posts: 5595
Joined: Tue Mar 18, 2014 11:47 am

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 2:23 am

Heater wrote:
Mon Aug 10, 2020 1:08 am
ejolson wrote:
Sun Aug 09, 2020 9:05 pm
I suspect many people consider a systems programming language to be the one in which you would write the entire operating system not just the kernel.
Many people would be wrong :)

By that definition Java is a systems programming language because the Android OS is written in Java.

I guess everyone can have their own definition of "system" and hence include or exclude whatever language they like when they say "systems programming language". The term loses all common meaning.
After a quick web search I see in 1998 that
J.M. Bishop wrote: Java is the newest in a long line of systems programming languages. This paper looks at what makes it special and backs the findings up with three case studies.
https://link.springer.com/chapter/10.10 ... -35350-0_6

So I guess you are right about people being wrong. Given all the lawyers at Oracle, it's likely other people at Google wish they had used C# for Android instead. Maybe they are wrong too and should have used Rust.

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 2:54 am

ejolson wrote:
Mon Aug 10, 2020 2:16 am
That seems to be an example of linking a rust routine into Ruby and Python. I was more thinking of turning a crate of hash browns into a shared library that could be dynamically linked and shared between different Rust programs.
The end result of the example described in that link is a regular dynamic library. As it says:
That libembed.so is our ‘shared object’ library. We can use this file just like any shared object library written in C! As an aside, this may be embed.dll or libembed.dylib, depending on the platform.
Although I have never heard of the "C!" language :)

Rust can of course use shared libraries so presumably Rust can use shared libraries written in Rust, like the example, as well.

https://medium.com/dwelo-r-d/using-c-li ... 961948c72a

Thing is, all such linkage requires making use of the "Foreign Function Interface", FFI, which basically means C style linkage. Much like the FFI's in Java, Python, JS, etc.

That demands disabling name mangling for all exported functions and no doubt much else besides.

Not something I have looked at much yet.

But of course if one links program A with library B dynamically through the FFI then one has disabled the ability of the Rust type system and borrow checker to verify the whole program.
Memory in C++ is a leaky abstraction .

ejolson
Posts: 5595
Joined: Tue Mar 18, 2014 11:47 am

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 4:11 am

Heater wrote:
Mon Aug 10, 2020 2:54 am
But of course if one links program A with library B dynamically through the FFI then one has disabled the ability of the Rust type system and borrow checker to verify the whole program.
Right, it would be nice to combine a memory efficient use of shared libraries without giving up on compile time verification. I think something like the Interface and Implementation sections of a Pascal Unit file would allow the automatic creation of library headers that carry enough information to verify the part of the program contained in a dynamically loadable shared crate object. It's either more difficult than it sounds or most people are creating huge all-encompassing binaries like the Firefox web browser and don't much care for shared libraries anyway.

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 8:52 am

ejolson wrote:
Mon Aug 10, 2020 4:11 am
Right, it would be nice to combine a memory efficient use of shared libraries without giving up on compile time verification.
In much of my world systems haven't had enough memory to implement shared libraries! Think micro-controllers and the like.

In my current world it is unheard of that I am filling up even a few percent of my gigabytes of RAM with actual code. So the memory efficiency of shared libs is of very little benefit.

In short you seem to be wanting to solve a problem that does not exist.
ejolson wrote:
Mon Aug 10, 2020 4:11 am
I think something like the Interface and Implementation sections of a Pascal Unit file would allow the automatic creation of library headers that carry enough information to verify the part of the program contained in a dynamically loadable shared crate object.
Oddly enough over the decades I have used all kinds of languages, many with C like header files, some with interface and implementation sections, like Pascal. I have always thought this is all a pain in the ass. Why not just write the code you want, without repeating yourself elsewhere, have the compiler read it all and sort it out for itself?

Mostly the likes of header files were invented because memory was tight, processing speed was limited and that saved the compiler a lot of time and space not processing everything.

The other pressing need for header files was that people wanted to ship closed source binary only libraries but with something the customer's compiler could use to make the connection to the customer's own code. Well, that seems like a non-requirement to me.

I see this as also wanting to solve a problem that does not exist.
ejolson wrote:
Mon Aug 10, 2020 4:11 am
It's either more difficult than it sounds or most people are creating huge all-encompassing binaries like the Firefox web browser and don't much care for shared libraries anyway.
That seems rather negative. The Rust devs are dedicated to creating a robust, safe, efficient systems programming language. That means being usable all the way down to devices with very little space, like the ARM and MIPS micro-controllers and others. Even down to the 8 bit Arduino.

If the likes of Firefox are big they were already big before Rust came along.

I might argue that given many modern programs like Firefox, Chrome, VS Code etc can update themselves and updates are frequently available, then perhaps having everything compiled into a single big blob is the sensible way to go.
Memory in C++ is a leaky abstraction .

jahboater
Posts: 5931
Joined: Wed Feb 04, 2015 6:38 pm
Location: West Dorset

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 12:04 pm

Heater wrote:
Mon Aug 10, 2020 8:52 am
The other pressing need for header files was that people wanted to ship closed source binary only libraries but with something the customer's compiler could use to make the connection to the customer's own code. Well, that seems like a non-requirement to me.
It is a requirement for me. It's not just closed source binary libraries. That's how most open source libraries work too.
I can't see the idea of recompiling the entire math library every time you want to use it being very popular.
If that's what Rust does, it's a non-starter. Easier and far far quicker to include math.h and link with -lm. Try compiling libm on a Pi Zero!

Same for all the popular libraries we use: curses, gmp, libc etc.
The only exception seems to be GNU Readline which is compiled in with the bash shell and the GDB debugger, but that's likely because readline is vast and the shell only needs a tiny bit of it.
Pi4 8GB running PIOS64 Lite

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 1:58 pm

jahboater wrote:
Mon Aug 10, 2020 12:04 pm
It is a requirement for me. It's not just closed source binary libraries. That's how most open source libraries work too.
I can't see the idea of recompiling the entire math library every time you want to use it being very popular.
If that's what Rust does, it's a non-starter. Easier and far far quicker to include math.h and link with -lm. Try compiling libm on a Pi Zero!
I did not say "recompile every time".

As it stands with C/C++:

1) The library is compiled. One time only. The resulting binary is stashed away somewhere. Matching header files stashed away somewhere else. Likely this is all done and supplied with the OS distro. But perhaps not if you have to build a library yourself as is often the case.

2) You compile your code that uses that library. The compiler needs to read and analyse those header files to see what is in there and hook it all up. Static or dynamic no matter.

The way I see it those headers are redundant. All the information the compiler needs can be in the actual source code. And often is in C, function definitions for example. Importantly the compiler need not completely recompile the library from scratch, if the binary exists already it only needs to analyse the source enough to be able to satisfy the linkage between your application and that binary lib code.

As such I am very happy to see Rust does not have header files and such like. As far as I can tell it does what I describe, when you first build a program it will take some time as 'crates' are downloaded and compiled. Subsequently builds go much faster as all that is skipped.

When it comes to correctness checking, the C model is totally broken. The compiler has no idea if those headers you told it to use actually match the binary of the lib. Your compilation never did build that lib binary it has no idea what is in there. "unsafe" through and through.

As far as I can tell C++ pretty much does what Rust does in this respect. When your C++ lib is mostly generics and templates and template meta programming then all the useful stuff is in the header file, which can take a good long time to compile...
Memory in C++ is a leaky abstraction .

ejolson
Posts: 5595
Joined: Tue Mar 18, 2014 11:47 am

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 3:12 pm

Heater wrote:
Mon Aug 10, 2020 8:52 am
Oddly enough over the decades I have used all kinds of languages, many with C like header files, some with interface and implementation sections, like Pascal. I have always thought this is all a pain in the ass. Why not just write the code you want, without repeating yourself elsewhere, have the compiler read it all and sort it out for itself?
For me the difference between Pascal Unit files and the way some other languages do things is organisational. A separate Interface section at the top collects the exported symbols together and provides a place to document them. The alternative is to sprinkle the remainder of the code with some sort of keyword--in C amusingly called static--which indicates whether a symbol is to be exported or not. While you can still provide comments at the top, there is no longer any checking that what you've listed is complete.

As far as individual software programs that update themselves directly from the developer go, that should have gone out of fashion even before NotPetya came in through the update of an accounting package and did an estimated US$ 10 billion in damages worldwide. Going forward it is important to make this kind of supply-chain hacking more difficult rather than easier.

Supply-chain hacking can be a problem even at the source code level. For this reason it makes sense to set up audited code libraries that seldom change and which contain enough functionality that people don't need to trust 50 different independently updated crates to build a project. Arguably this is the biggest reason OpenBSD pulls everything into a single tree and Debian keeps their own copies of upstream sources which are always out of date.

Even though the TikTok controversy indicates there are bigger problems elsewhere, anyone using Rust on a Pi to prevent some of the accidental errors that programmers make seems like a good idea to me.

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 3:58 pm

ejolson wrote:
Mon Aug 10, 2020 3:12 pm
For me the difference between Pascal Unit files and the way some other languages do things is organisational. A separate Interface section at the top collects the exported symbols together and provides a place to document them.
Alternatively one could design the language in such a way that tools can easily parse it, pull out all the public API and generate nice documents of it all. Like rust does: https://doc.rust-lang.org/cargo/commands/cargo-doc.html
ejolson wrote:
Mon Aug 10, 2020 3:12 pm
Supply-chain hacking can be a problem even at the source code level.
Indeed, supply chain hacking is a concern. It even happens with hardware supply chains.

As it stands we generally trust that our downloads of the operating system formerly known as Raspbian are legit and unsullied. Similarly every time we do an "apt-get update; apt-get upgrade"

We have to trust somebody somewhere.

This issue is rather orthogonal to that of header files, linking libraries and such.

I will posit that it might be easier to trust in what you get down the pipe when it comes as source code. And when due to the nature of the language it is very hard to sneak code in there that can reach out and do things it should not. And when it has other groups doing security audits on it: https://rustsec.org/
ejolson wrote:
Mon Aug 10, 2020 3:12 pm
... anyone using Rust on a Pi to prevent some of the accidental errors that programmers make seems like a good idea to me.
Yeah. I would expect a mathematician to want some kind of proof of correctness in what he does. See:
"Adam McCullough- Rust's Borrow Checker Proven Correct!" https://www.youtube.com/watch?v=XJMF0PlLELc
Memory in C++ is a leaky abstraction .

ejolson
Posts: 5595
Joined: Tue Mar 18, 2014 11:47 am

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 5:13 pm

Heater wrote:
Mon Aug 10, 2020 3:58 pm
We have to trust somebody somewhere.
Trusting somebody is much different than trusting anyone using Rust on a Pi who has published a crate in the public repository. Even if all the people who publish crates are trustworthy, just like the supply chain of for-profit software can be compromised by a third party, so could any one of the crate suppliers be hacked or later commissioned by the spy master at their local government.

My concern with the Rust crate system is how many people do you need to trust, or in other words, how large is the supply-chain attack surface?

I know that having automatic downloads from a public code repository integrated into the build system is not unique to Rust. In fact there are many C and C++ projects that automatically wget stuff and compile it as part of the build. In my opinion, no matter what the language, it is important not to encourage the clumsy like me to be so fashionably agile.

Since the line numbering and lack of subroutines make it almost impossible to reuse someone else's code, maybe Basic is the safest alternative after all.

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 6:20 pm

ejolson wrote:
Mon Aug 10, 2020 5:13 pm
My concern with the Rust crate system is how many people do you need to trust, or in other words, how large is the supply-chain attack surface?
A valid concern.

I think we have a new challenge then.

Publish a Rust crate that does something interesting. But include in it some malicious code that does something else behind the scenes.

Top marks awarded for entries that can get root on the unsuspecting user's machine :)

We might have to limit this to crates that are only written in Rust.
Memory in C++ is a leaky abstraction .

ejolson
Posts: 5595
Joined: Tue Mar 18, 2014 11:47 am

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 7:11 pm

Heater wrote:
Mon Aug 10, 2020 6:20 pm
ejolson wrote:
Mon Aug 10, 2020 5:13 pm
My concern with the Rust crate system is how many people do you need to trust, or in other words, how large is the supply-chain attack surface?
A valid concern.

I think we have a new challenge then.

Publish a Rust crate that does something interesting. But include in it some malicious code that does something else behind the scenes.

Top marks awarded for entries that can get root on the unsuspecting user's machine :)

We might have to limit this to crates that are only written in Rust.
Since wearing a white hat is noticeably cooler in the desert, how about a slight modification to the challenge: Find three crates already published in the Rust repository that have such properties.

I've actually been hoping that anyone using Rust on the Pi would modernize the original Unix cal.c code in a way that demonstrates the advantage of the strong type system and emphasis on memory safety. Extra bugs are available for any cabbages found in the original code.

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Mon Aug 10, 2020 8:24 pm

I was thinking... perhaps my challenge is a bit simpler than I first thought. Consider the following Rust code:

Code:

use std::io::prelude::*;
use std::net::TcpStream;

fn main() -> std::io::Result<()> {
    let mut in_stream = TcpStream::connect("127.0.0.1:34254")?;
    let mut out_stream = TcpStream::connect("127.0.0.1:8217")?;

    // A buffer to hold sensitive information
    let mut secret_stuff = vec!(0; 1024);
    for _ in 0..1000 {
        // Read sensitive information from somewhere.
        let len = in_stream.read(&mut secret_stuff)?;
        // A read of zero bytes means the peer closed the connection.
        if len == 0 {
            break;
        }

        // ...
        // Some inspection/filter/process the sensitive information..
        secret_stuff[0] = secret_stuff[len - 1];
        // ...

        // Write sensitive information somewhere else.
        let len = out_stream.write(&secret_stuff)?;
        println!("Processed {} bytes of secret stuff.", len);
    }
    Ok(())
}
All perfectly memory safe code that builds without warnings or even complaints from the Rust linter (clippy).

Can you spot the sensitive information leak there?

At least it demonstrates that whilst I can't reach out from my library code and grab data in your application, thanks to the type system and borrow checker etc, if I can get you to use it, I can reach out to the net without any hindrance. And hence siphon out or inject into any data I get you to pass through my library.

Now where is my black hat... ?
Memory in C++ is a leaky abstraction .

jahboater
Posts: 5931
Joined: Wed Feb 04, 2015 6:38 pm
Location: West Dorset

Re: Anyone using Rust on a PI ?

Tue Aug 11, 2020 8:28 am

Heater wrote:
Mon Aug 10, 2020 8:24 pm
Can you spot the sensitive information leak there?
Does this initialize the memory?

Code:

let mut secret_stuff = vec!(0; 1024);
Otherwise the read() method may have undefined behavior (bizarrely).

Not a security thing, but does "let len =" declare the variable "len"? In which case it's been declared twice in the same block.
Pi4 8GB running PIOS64 Lite

RichardRussell
Posts: 678
Joined: Thu Jun 21, 2012 10:48 am

Re: Anyone using Rust on a PI ?

Tue Aug 11, 2020 8:58 am

ejolson wrote:
Mon Aug 10, 2020 5:13 pm
Since the line numbering and lack of subroutines make it almost impossible to reuse someone else's code, maybe Basic is the safest alternative after all.
Line numbering? Lack of subroutines? That doesn't describe any BASIC I'm familiar with! :lol:

In fact I fear (from your perspective) that the lack of 'sophistication' in BASIC makes it more likely, not less, that one will need to rely on libraries whose provenance may be unclear.

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Tue Aug 11, 2020 10:44 am

jahboater wrote:
Tue Aug 11, 2020 8:28 am
Does this initialize the memory?
Yes. That "vec!" is a macro that creates an initialized vector. In this case 1024 elements of 0.

Interestingly I don't state the type of the vector's elements there. It is inferred from the fact that the "read()" returns unsigned bytes, u8.
jahboater wrote:
Tue Aug 11, 2020 8:28 am
Otherwise the read() method may have undefined behavior (bizarrely).
Rust will not let you use anything that has not been initialized.
jahboater wrote:
Tue Aug 11, 2020 8:28 am
Not a security thing, but does "let len =" declare the variable "len"?
Yes.
jahboater wrote:
Tue Aug 11, 2020 8:28 am
In which case it's been declared twice in the same block.
Indeed it has. That is not a problem.

I guess I could have declared it mutable "let mut len = ..." and then not have the second "let". Makes no odds here.

So where is the sensitive information leak?
Memory in C++ is a leaky abstraction .

jahboater
Posts: 5931
Joined: Wed Feb 04, 2015 6:38 pm
Location: West Dorset

Re: Anyone using Rust on a PI ?

Tue Aug 11, 2020 10:49 am

Heater wrote:
Tue Aug 11, 2020 10:44 am
So where is the sensitive information leak?
Well not a leak, just possible UB.
See the docs for the read() method. It says the contents of the buffer should be initialized, and if not, undefined behavior may occur.
Seems very odd to me.
Pi4 8GB running PIOS64 Lite

jahboater
Posts: 5931
Joined: Wed Feb 04, 2015 6:38 pm
Location: West Dorset

Re: Anyone using Rust on a PI ?

Tue Aug 11, 2020 10:53 am

Heater wrote:
Tue Aug 11, 2020 10:44 am
Interestingly I don't state the type of the vector's elements there. It is inferred from the fact that the "read()" returns unsigned bytes, u8.
That's interesting and quite impressive. The compiler has scanned the block looking for references to the vector before assigning the type? Most things like "auto" in C++ take the type from the initializer or similar.
Pi4 8GB running PIOS64 Lite

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Tue Aug 11, 2020 10:53 am

jahboater wrote:
Tue Aug 11, 2020 10:49 am
Heater wrote:
Tue Aug 11, 2020 10:44 am
So where is the sensitive information leak?
Well not a leak, just possible UB.
See the docs for the read() method. It says the contents of the buffer should be initialized, and if not, undefined behavior may occur.
Seems very odd to me.
You missed what I said: "vec!" is a macro that creates an initialized vector. In this case 1024 elements of 0.

So read() gets its initialized buffer space and there is no UB.

The only way to create that buffer uninitialized would be in some "unsafe" block. Which I do not.

But still that code can leak sensitive information that we might like it not to.
Memory in C++ is a leaky abstraction .

jahboater
Posts: 5931
Joined: Wed Feb 04, 2015 6:38 pm
Location: West Dorset

Re: Anyone using Rust on a PI ?

Tue Aug 11, 2020 10:58 am

Heater wrote:
Tue Aug 11, 2020 10:53 am
But still that code can leak sensitive information that we might like it not to.
I give up!

I presumed read() gets the dimensions of the vector and won't overflow it like the deprecated gets() can in C.
Pi4 8GB running PIOS64 Lite

Heater
Posts: 16310
Joined: Tue Jul 17, 2012 3:02 pm

Re: Anyone using Rust on a PI ?

Tue Aug 11, 2020 11:23 am

OK, it was a good try. The problem is:

We have a buffer for 1024 bytes.
read() will read up to the length of the buffer, but it may read less hence the need for "len"
write() is given that buffer to write out and it will output all of it.

So what if read() only got 10 bytes? We are now writing out 1014 bytes past the end of what we read.

That might be OK as Rust forced us to initialize the vector so we are writing a bunch of extra zeros.

BUT we do that read/write in a loop. That buffer may get filled with secret data on some iteration then on a subsequent iteration it only gets a few bytes. Oops, part of the previous iteration's data is still in the buffer, unprocessed, and we output it all in write()!

Imagine that the processing in the middle was to encrypt the bytes. Now we have just written out a bunch of plain text bytes!

The fix might be to move the buffer into the loop so that it gets initialized every time. Which might not be efficient.

Or the write should be:

Code:

let len = out_stream.write(&secret_stuff[0..len])?;
Where the "[0..len]" gets us a slice (a view) into the buffer and we output only as much as we input.

This is why the world is full of security vulnerabilities. They can be damn hard to spot.
Memory in C++ is a leaky abstraction .
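
The short-read leak described in the post above can be reproduced offline with in-memory streams. This is an added example, not code from the thread: `ChunkReader`, the 64-byte buffer and the sample records are constructed for illustration, and `write_all` is used in both relays so that the only difference between them is the slice passed to the writer.

```rust
use std::io::{self, Read, Write};

const BUF_LEN: usize = 64; // the post uses 1024; smaller here so the output is easy to inspect

// Constructed sample input: a long record followed by a short one.
const RECORDS: [&str; 2] = ["user=alice;token=SECRET-TOKEN-1234", "ping"];

/// Hypothetical reader that returns one record per read() call, imitating
/// a socket that delivers short reads. Records must fit in the buffer.
struct ChunkReader {
    chunks: Vec<Vec<u8>>,
    next: usize,
}

impl ChunkReader {
    fn new(chunks: &[&str]) -> Self {
        ChunkReader {
            chunks: chunks.iter().map(|c| c.as_bytes().to_vec()).collect(),
            next: 0,
        }
    }
}

impl Read for ChunkReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        match self.chunks.get(self.next) {
            None => Ok(0), // end of stream
            Some(chunk) => {
                let n = chunk.len().min(buf.len());
                buf[..n].copy_from_slice(&chunk[..n]);
                self.next += 1;
                Ok(n)
            }
        }
    }
}

/// The pattern from the post: one buffer reused across iterations and the
/// whole buffer written out, regardless of how many bytes read() returned.
fn relay_whole_buffer<R: Read, W: Write>(input: &mut R, output: &mut W) -> io::Result<()> {
    let mut buf = vec![0u8; BUF_LEN];
    loop {
        let len = input.read(&mut buf)?;
        if len == 0 {
            return Ok(());
        }
        output.write_all(&buf)?; // sends stale bytes left over from earlier reads
    }
}

/// The fix from the post: write only the slice that this read() filled.
fn relay_bytes_read<R: Read, W: Write>(input: &mut R, output: &mut W) -> io::Result<()> {
    let mut buf = vec![0u8; BUF_LEN];
    loop {
        let len = input.read(&mut buf)?;
        if len == 0 {
            return Ok(());
        }
        output.write_all(&buf[..len])?;
    }
}

/// True if `needle` occurs anywhere in `haystack` (needle must be non-empty).
fn contains(haystack: &[u8], needle: &[u8]) -> bool {
    haystack.windows(needle.len()).any(|w| w == needle)
}

/// Runs both relays over the same constructed input and returns their outputs.
fn run_both() -> io::Result<(Vec<u8>, Vec<u8>)> {
    let mut leaky = Vec::new();
    relay_whole_buffer(&mut ChunkReader::new(&RECORDS), &mut leaky)?;
    let mut fixed = Vec::new();
    relay_bytes_read(&mut ChunkReader::new(&RECORDS), &mut fixed)?;
    Ok((leaky, fixed))
}

fn main() -> io::Result<()> {
    let (leaky, fixed) = run_both()?;
    // The second frame should carry only "ping"; check what else went out with it.
    let second_frame = &leaky[BUF_LEN..];
    println!("whole-buffer relay sent {} bytes", leaky.len());
    println!("token re-sent with 'ping': {}", contains(second_frame, b"SECRET-TOKEN-1234"));
    println!("slice relay sent: {:?}", String::from_utf8_lossy(&fixed));
    Ok(())
}
```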
