by execveat 1202 days ago
Rust doesn't prevent integer over/underflows.
2 comments

It helps. In Rust debug builds, integer overflows crash -> tests will detect them. In release builds they're not detected by default, but you can add "overflow-checks = true" to the Cargo profile to enable those checks in release builds too if you want.
overflow-checks=true is already present in many cryptographic and blockchain Cargo packages, as its trade-offs are worth it vs. a human error.
Additionally the only type allowed for array indexing and buffer slicing is usize, equivalent of size_t, and it's 64-bit on 64-bit platforms.
> In Rust debug builds, integer overflows crash

That's true with C/C++ compilers too, if you want, using UBSan.

Unsigned integer overflow is not undefined behavior in C++ so won't be caught by UBSan.

Also, UBSan is more overhead than turning on Rust's overflow checking.

Yes, but crypto should probably use under/overflow-safe arithmetic, which the Rust standard library allows for.
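As an added example (not code from the thread or from any project mentioned in it), the four overflow-handling styles the Rust standard library offers, applied to a constructed size computation of the kind the first comment's `overflow-checks` setting protects; `HEADER_LEN`, the function names and the sample `count` are assumptions chosen so that `count * 8` wraps to zero.

```rust
// Added example: explicit overflow policy for header + count * element_size.
//
// With plain `+` and `*`, a debug build (or a release build with
// `overflow-checks = true` in the Cargo profile) panics on overflow, while a
// default release build silently wraps. The methods below state the policy in
// the code itself, so it no longer depends on the build profile.

const HEADER_LEN: usize = 16; // assumed fixed header size

/// Returns the total buffer size, or `None` if the arithmetic overflows.
/// Rejecting the request is the right policy when `count` is untrusted.
pub fn buffer_size_checked(count: usize, elem_size: usize) -> Option<usize> {
    count
        .checked_mul(elem_size)
        .and_then(|body| body.checked_add(HEADER_LEN))
}

/// Wrapping semantics: never panics, but an overflow yields a small value,
/// which is how undersized allocations come about.
pub fn buffer_size_wrapping(count: usize, elem_size: usize) -> usize {
    count.wrapping_mul(elem_size).wrapping_add(HEADER_LEN)
}

/// Saturating semantics: clamps at usize::MAX instead of wrapping around.
pub fn buffer_size_saturating(count: usize, elem_size: usize) -> usize {
    count.saturating_mul(elem_size).saturating_add(HEADER_LEN)
}

/// `overflowing_*` returns the wrapped value together with a flag, useful when
/// the caller wants to log the event and then decide what to do.
pub fn buffer_size_overflowing(count: usize, elem_size: usize) -> (usize, bool) {
    let (body, o1) = count.overflowing_mul(elem_size);
    let (total, o2) = body.overflowing_add(HEADER_LEN);
    (total, o1 || o2)
}

fn main() {
    // Constructed input: count * 8 equals 2^bits, which wraps to 0.
    let count = usize::MAX / 8 + 1;
    println!("checked:     {:?}", buffer_size_checked(count, 8)); // None
    println!("wrapping:    {}", buffer_size_wrapping(count, 8)); // 16
    println!("saturating:  {}", buffer_size_saturating(count, 8)); // usize::MAX
    println!("overflowing: {:?}", buffer_size_overflowing(count, 8)); // (16, true)
}
```

The wrapping result (16 bytes for a request that should have needed more than the whole address space) is exactly the value a default release build would compute with plain operators.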