by ekidd
5 days ago
> The problem is memory that you allocated in the past, have freed, but hasn't been returned to the OS[0].

There are at least two different ways in which memory might be semantically "uninitialized":

1. The memory was provided by the OS. On modern desktop and mobile OSes, this memory will normally be zeroed automatically.

2. The memory was provided by the language's allocator. This may contain a mix of data used by previous allocations and memory that has never been touched (perhaps because previous allocations reserved it as end-of-array "capacity" that never got used). From the perspective of a language like Rust, this memory is considered uninitialized, and safe code should never be able to read it without first setting it.

In ancient C code, it makes a fair bit of sense to preemptively calloc everything. Or better, to wrap the allocator with one that zeroes on free. Though even there, you need to be careful not to expose recycled heap block headers in the middle of newly allocated objects.

My opinion for the last 30+ years has been that C is unfit for purpose, and that using it almost inevitably introduces large numbers of dire security holes. But until the last 10-15 years, there haven't been any seriously viable alternatives.
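The "wrap the allocator with one that zeroes on free" idea from the comment above, as an added example that is not part of the post: a size-tracking wrapper (hypothetical names `zalloc`, `zwipe`, `zfree`) that wipes a block through a volatile pointer before releasing it, so a plain `memset()`-before-`free()` cannot be dropped as a dead store. It only wipes bytes the wrapper itself owns; the libc allocator's own chunk metadata is out of reach, which is exactly the header-exposure caveat the comment raises.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Header kept in front of every user block so zfree() knows how much to
 * wipe. The union with max_align_t keeps the user pointer suitably aligned. */
typedef union { size_t len; max_align_t pad; } zhdr;

/* Zero n bytes through a volatile pointer: the compiler may not elide
 * these stores even though the block is about to be freed. */
static void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* Allocate n user bytes. Plain malloc on purpose: the guarantee here comes
 * from the wipe on free, which protects every later malloc() caller in the
 * program, not from zeroing on allocation. */
void *zalloc(size_t n) {
    zhdr *h = malloc(sizeof *h + n);
    if (!h) return NULL;
    h->len = n;
    return h + 1;
}

/* Wipe the user bytes and the header; returns how many user bytes were
 * wiped. Split out of zfree() so the wipe can be observed before the block
 * goes back to the allocator (reading it after free() would be UB). */
size_t zwipe(void *p) {
    if (!p) return 0;
    zhdr *h = (zhdr *)p - 1;
    size_t n = h->len;
    secure_zero(p, n);
    secure_zero(h, sizeof *h);
    return n;
}

/* Zero-on-free: the allocator never sees the previous owner's bytes. */
void zfree(void *p) {
    if (!p) return;
    zhdr *h = (zhdr *)p - 1;   /* compute before the header is wiped */
    zwipe(p);
    free(h);
}

/* Returns 1 if every one of the n bytes at p is zero. */
int all_zero(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) if (p[i]) return 0;
    return 1;
}
```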