Originally posted by ultimA
- You didn't provide rust CVEs for firefox, just some statistics. I checked a few CVEs and they are all in C++ code. So no, guesstimating doesn't help. Provide me at least one about rust code which is about memory unsafety. Or at least one about rust code, if you don't find any with memory unsafety.
- Not all CVEs are about memory unsafety. But in C++ most are according to the stats you quoted.
- The rust CVEs about the packages on crates.io are not about memory unsafety. Those are bad bugs for sure, but not about memory unsafety. That is something entirely different.
- I don't argue that there are no bugs in firefox's rust code. And I'm positive you'll find crashes in rust code. Or maybe even CVEs where some parser did something stupid. But I'm positive you find none about memory unsafety. And that was all that was ever promised.