These specific ones? Yeah, not that big a deal, but my post is about a development mindset, not the specific implementation. A few vulnerabilities show up in otherwise really great software and the idiots who browse this joint literally say the guy needs an intervention.
I don't get what you're arguing - this has nothing to do with the developer mindset. He just has to flip a compiler switch and vulnerabilities won't be trivially exploitable anymore.
No kidding. The authoritarian security cargo-culting irritates me too.
The fact that 7-Zip bugs are rare enough that they make news when they are discovered already says a lot about the overall quality of the code. Many other projects with all the bloaty mitigations and other ostensibly "for security" cruft still manage to create severe bugs on a regular basis.