[CivBase]

Are you saying that every project written in C has suffered from a memory leak issue at some point? Most C/C++ code I've personally written doesn't even use the heap.

I work on avionics and we use C/C++ now and then. We have a ton of rules regarding memory management (pretty much everything stays on the stack) and I can't recall anything I've ever been involved with suffering from a memory leak.

[Cyph0n]

If basically everything stays on the stack, you’ll have a much lower chance of seeing a memory leak, by definition.

[CivBase]

Exactly. Using C/C++ doesn't have to mean using the heap.

[eptcyka]

Using the heap has nothing to do with the code being safe or unsafe.

[tshtf]

All I'm saying is that it's a trivial oversimplification to say you can learn to miss every time.

[eptcyka]

Don't need a leak for C code to be vulnerable, in fact not using the heap helps - just one missing bounds check on user input and you can write to the stack. OTOH, W^X should catch those.