|
Browsers depend on tons of 20-year-old C libraries.
At the moment, the top link from the Twitter account you gave above is this one from November 6:
https://twitter.com/LazyFishBarrel/status/119228101802954342... It reports a total of 37 issues in: - freetype2 (C lib, 20+ years old)
- usrsctp (C lib, age unknown)
- libexif (C lib, age unknown)
- libxslt (C lib, 20+ years old)
- imagemagick (C lib, 20+ years old)
- mruby (C)
- php (C)
- openSSL (C, 20+ years old)
- curl (C lib, 20+ years old)
- ffmpeg (C lib, 18 years old)
- ghostscript (C lib, 30 years old)
- irssi (C, 20 years old)
In that list were also Skia and libsass, two projects actually written in C++.In Sass, the issue is a nullptr issue:
https://github.com/sass/libsass/issues/3001 In Skia the bug was in intrinsics code:
https://skia.googlesource.com/skia/+/0f55db539032a23b52897ae... Of course that's a single data point, but it shows what I think is a reasonable argument: most of the issues indeed happen in (old) C code, for well-known reasons (no standard string, array or collection support, no RAII), but because C++ supports those things by default it largely avoids those issues. |