Skip to content
DevMeme
5436 of 7435
Safely Unsafe: A Rust Library for Memory Vulnerabilities
Languages Post #5959, on Apr 13, 2024 in TG

Safely Unsafe: A Rust Library for Memory Vulnerabilities

Why is this Languages meme funny?

Level 1: Playing with Fire (Safely)

Imagine you have a super strict teacher who always keeps you safe. In this teacher’s class, you’re never allowed to do anything dangerous – no running with scissors, no playing with fire. In fact, this teacher has built a special classroom where it’s almost impossible for you to get hurt because all the dangerous stuff is locked away. Now, picture one day you see a big poster from that very class that says: “Come try our new Safe Fire-Playing Kit! – Play with matches 🔥 safely 🚀!”. That sounds crazy, right? You know playing with matches is dangerous no matter what. The poster is basically claiming, “We found a way to let you do this dangerous thing, but don’t worry, it’s totally safe!”

This is exactly why the meme is funny. Rust (the teacher) is a programming language that normally never lets programmers do dangerous memory stuff. It’s like a super safe playground. The meme pretends there’s a new Rust library (like a new toy kit) that says it will let programmers do all the bad things (like causing crashes and memory mix-ups) but in a “safe” way. It’s a total contradiction, just like “safe fire-playing kit” or a “harmless way to run with scissors”. We all know those phrases don’t make sense — if you play with fire, you’re going to get burned, “safety kit” or not.

So the core joke is the absurd mismatch between the promise and reality. It’s someone winking and saying: “Hey, you know those terrible accidents we’ve been avoiding? I made a special tool so you can have those accidents on purpose, but it’s okay because I put a safety label on it!” 😂 Of course, no one really wants that. Just like no kid actually wants to fall off a bike on purpose, no programmer wants bugs and crashes in their program. By advertising something bad as if it were a cool new feature, the meme makes us laugh at how ridiculous it is. Even if you don’t know Rust, you can sense the silliness — it’s like an ad for “new and improved mistakes, now certified safe!”. It’s the goofy idea of selling a problem as a product, which is so clearly wrong that it becomes funny.

Level 2: Rust vs Memory Bugs

Let’s break down the technical terms and context that make this meme tick. Rust is a systems programming language that prides itself on memory safety. In languages like C or C++, it’s easy to make mistakes that corrupt memory – Rust was designed to prevent those by default. Here are the key bug types mentioned, and how Rust normally deals with them:

  • Buffer overflow: This is when a program writes data past the end of an array or buffer, trampling over whatever memory lies beyond. For example, writing 10 elements to an array that was only sized to hold 5. In low-level programming, a buffer overflow can overwrite nearby data or control information, leading to crashes or even security breaches (attackers exploit this to inject malicious code). Rust prevents buffer overflows in safe code by automatically doing bounds checking. If you try to access an index outside the range of an array or vector, Rust will stop the program (panic) rather than allow you to write into random memory. This means in safe Rust you can’t accidentally overwrite memory you don’t own – the language won’t let you quietly create a buffer overflow bug.

  • Use after free: This bug happens when a program frees/deallocates a piece of memory (meaning it’s no longer valid to use) but later some part of the code still tries to use the old pointer/reference to that memory. In languages with manual memory management (like C/C++ using free or delete), it’s easy to mistakenly free something too early or keep a pointer around after freeing. The result is unpredictable: the memory might now hold other data or may be reserved for something else; using it can corrupt other parts of the program or cause immediate crashes. Rust’s ownership system makes use-after-free virtually impossible in safe code. Rust doesn’t let you explicitly free memory; instead, it automatically deallocates memory when it’s no longer in use (when it goes out of scope or is no longer referenced). More importantly, Rust’s borrow checker ensures that you cannot have a reference to data that has been freed. If an object is moved or goes out of scope, you simply can’t refer to it afterward – the compiler will error out. This means in normal Rust code, a use-after-free bug cannot compile.

  • Segmentation fault (segfault): A segfault is what happens when a program tries to access memory that it’s not allowed to. It’s a common result of the two bugs above (buffer overflows or use-after-free) as well as other issues like null pointer dereferences. The operating system immediately terminates the program when it detects an invalid memory access, to prevent the program from doing damage or reading protected memory. In practice, Rust’s safety guarantees mean that, under normal circumstances, a Rust program won’t just randomly segfault. Instead, if something goes very wrong (like an out-of-bounds access), Rust will panic (a controlled crash with an error message) or prevent the action entirely. However, segfaults can still occur in Rust if you use unsafe code incorrectly or interface with foreign libraries. They can also occur from things like stack overflow (if you recurse infinitely, which is not caught at compile time, the program can run out of stack memory and segfault). But crucially, if you stick to purely safe Rust, you’re extremely unlikely to see a segmentation fault. Rust is designed so that common programming mistakes don’t result in these cryptic crashes – that’s a huge selling point.

Now, about unsafe code: Rust has a concept of safe vs. unsafe code. By default, everything is safe – the compiler checks every reference, every array index, etc. If you need to perform a low-level operation that Rust can’t guarantee is safe (like directly manipulating raw pointers, calling into C code, or using std::mem::transmute to reinterpret memory), you must mark that block of code as unsafe. This is like saying to the compiler, “I, the programmer, assert I’m handling this carefully.” Inside an unsafe block, Rust relaxes some of its strict rules, but it’s on you to avoid mistakes. Think of unsafe as crossing the guard rail: you might need to do it for some system-level tasks or optimizations, but you’re leaving the compiler’s safety net. A well-behaved Rust program might have a tiny portion of unsafe code (or none at all), often hidden inside low-level libraries, while the rest is safe.

The meme references #![deny(unsafe_code)]. This is a directive you can put at the top of a Rust crate or module which tells the compiler not to allow any unsafe code at all in that codebase. It’s a way to enforce that you didn’t accidentally let any unsafe slip in – basically a purity check for the code. Real security-conscious Rust projects sometimes use this to ensure the highest assurance of safety (or they allow unsafe only in very controlled internal modules). In the cve-rs README, they proudly announce using #![deny(unsafe_code)] and claim “There is not a single block of unsafe code in this project.” Normally, that’s a serious point of pride – it means even the tricky parts were achieved with safe abstractions.

But here’s why that’s funny: cve-rs is claiming to offer memory vulnerabilities as a library. How can you have a buffer overflow or use-after-free without unsafe? By Rust’s design, you usually can’t – that’s the whole point! So, this claim sets up a comedic contradiction. It implies the crate found some sneaky way to achieve these bugs while following all of Rust’s rules. In reality, if you tried this, you’d likely have to exploit a bug in the Rust compiler or standard library – essentially leveraging a real vulnerability in Rust itself. (The name cve-rs hints at that – CVEs are IDs for publicly disclosed vulnerabilities, often things exactly like “buffer overflow in XYZ software”).

The crate description also mentions it provides safe versions of those bugs “in a memory safe manner.” The phrasing is deliberately ridiculous. Memory safe means you’re not corrupting memory. Yet it says you can “corrupt your program’s memory without corrupting your program’s memory.” What?? 😅 This paradoxical line is them jokingly saying: “We’ll let you mess up memory, but trust us, it’s fine!” Of course, in truth, if you corrupt memory, by definition your memory wasn’t safe. The meme is playing with the two meanings of “safe”: in Rust, safe refers to not using the unsafe keyword (one might call that language-level safety), whereas generally safe means something is not dangerous or harmful (here, memory safety in terms of program behavior). cve-rs pretends these memory bugs are implemented in “100% safe Rust,” so in one sense the implementation is linguistically safe (no unsafe code used), but the effect it has is unsafe (it introduces bugs). It’s a satire of how sometimes people focus on the letter-of-the-law (no unsafe keyword) rather than the spirit (no memory corruption).

Let’s clarify those features they list in plain terms:

  • Use after free: In normal Rust, if you tried to use a pointer or reference after its memory was freed, the compiler would have prevented you from ever doing so (or it would result in a compile error or a panic). cve-rs claiming to have a “safe implementation” of use-after-free means they provide some function or type that lets you simulate that scenario. Possibly, they could be doing something wild like wrapping data in a reference-counted pointer (Arc) and manipulating the count to free memory early, or using some form of interior mutability trick to invalidate data while a reference exists – but any such trick would usually involve unsafe under the hood or exploit a known flaw. It’s likely just a comedic claim without an actual method, meant to mirror how libraries advertise features.
  • Buffer overflow: Normally in Rust you’d get a runtime panic if you go out of bounds on an array. A “safe” buffer overflow suggests the crate might offer an API like cve_rs::overflow::write(buf, index, value) that will deliberately write past the end of buf without a panic, thereby corrupting whatever is beyond buf – all while written in pure safe Rust. This is again a head-scratcher because how to bypass the bounds check safely? They might do something like use iterator manipulators or unsafe behind curtains… but since they insist no unsafe, it really sounds like a comedic impossibility. The impossibility is the joke.
  • Segmentation fault: Providing a “feature” that causes a segfault on demand (in safe Rust) is similarly absurd. Possibly, one could trigger a segfault “safely” by something like inducing a stack overflow (e.g., infinite recursion) or calling std::process::abort() (which is a safe function to explicitly crash the program) – those will crash the program in a manner similar to a segfault. It’s conceivable the crate simply calls .unwrap() on a None or uses array indexing out-of-bounds in an unchecked way that the optimizer might not catch, to force a crash. Regardless, advertising a crash as a feature is pure satire. It pokes fun at the idea of wanting to crash a program in a language that tries so hard to prevent crashes.

Finally, the mention of reimplementing core::mem::transmute safely is a direct jab at Rust’s core library. The standard transmute is unsafe specifically because it can easily lead to all the bugs above if used incorrectly – it’s like a portal out of the safe world. By claiming a safe reimplementation, the author is winking at us: they’re essentially saying, “We made a version of the most dangerous function, but don’t worry, it’s totally safe now (wink wink).” In truth, any safe wrapper around transmute would have to impose the same restrictions (for example, ensuring types are the same size and compatible) – if it doesn’t, then it’s not actually safe at all. So the crate is likely imagining doing crazy type conversions with some hack but still technically not using unsafe. It’s a very ironic twist on secure coding practices: instead of proudly wrapping unsafe things to make them safe, they’ve wrapped safe code around to make it do unsafe things.

All in all, the meme is riffing on Rust’s identity in the programming world: Rust is the language you go to when you don’t want security bugs and low-level memory fiascos. Seeing terms like MemorySafety, SecureCodingPractices, and SecurityFlaws all flipped on their head in a Rust context is immediately funny to those familiar with these concepts. It’s like an alternate bizarro Rust where someone says, “You know all those terrible bugs Rust helped us avoid? I missed them – let’s add them back in, but call it a feature!” The humor lands best if you know how serious these bugs are in real life and how hard people work to keep them out. cve-rs is a joke crate – to our knowledge, not a real library you’d find on crates.io (and if it were, you definitely wouldn’t want to include it in your Cargo.toml!). It’s a satire of low-level programming nostalgia and a playful jibe at Rust’s strict safety culture, all wrapped up in a faux-serious package.

Level 3: Bugs as Features

For experienced developers, the humor practically jumps off the page. Rust is known industry-wide as the language that eliminates common memory bugs. It was created in large part because of decades of pain caused by things like buffer overflows and segmentation faults in C and C++ programs. Those bugs have caused countless security vulnerabilities (each officially catalogued as a CVE entry) and many a 3:00 AM production meltdown. Seasoned engineers still have PTSD from chasing down wild pointers and mysterious crashes. Now along comes this satirical Rust crate README advertising exactly those nightmares as selling points! It’s a classic case of turning “bugs into features” for comedic effect.

The README is written in the upbeat, promotional tone we often see on legit project pages – complete with marketing buzzwords and emoji. “Blazingly 🔥 fast 🚀 memory vulnerabilities, written in 100% safe Rust. 🥵” plays on Rust’s own reputation for performance and safety. Rust’s official slogan often emphasizes how it’s “blazingly fast”, and many Rust projects proudly state they use 100% safe Rust (meaning no unsafe code) to reassure users of robust safety. Here, those bragging rights are wickedly inverted: the crate promises blazing speed and memory corruption, together at last. The little sweat emoji (🥵) next to “100% safe Rust” adds to the tongue-in-cheek tone – as if even Rust’s safety is feeling the heat from these intentional bugs! It’s implying, “This is so spicy, even Rust is sweating.”

The line that really nails the joke is: **“with cve-rs, you can corrupt your program’s memory without corrupting your program’s memory.”** The sentence deliberately circles back on itself. It suggests you can have the effect of memory corruption but somehow not suffer the usual consequences – a nonsensical promise. It’s like saying, “We’ll break everything, but don’t worry, nothing will be broken.” To an experienced developer, this immediately reads as heavy sarcasm. It mocks the way marketing language in tech can sometimes promise impossible combinations of properties. Here it promises the thrill of dreaded security flaws packaged with the comfort of Rust’s memory safety – mutually exclusive concepts presented with a straight face.

The crate’s feature list is the hall of fame of notorious bugs: Use after free, Buffer overflow, Segmentation fault – each one a term that normally sends shivers down a programmer’s spine. In real-life projects, discovering any one of these is cause for emergency patches and long post-mortems. Yet cve-rs proudly lists them as if they’re shiny new abilities your application can have. This reverses the usual attitude: normally, we brag about avoiding these bugs. For example, a Rust program brag might be “no null pointer dereferences, no buffer overruns!” But here the brag is “now you can have a buffer overrun, safely!” It’s a hilarious inversion that plays on collective knowledge: every senior dev knows these bugs are bad news. Presenting them as a catalog of features is absurd in a way that only someone who has battled these in C codebases would fully appreciate. It’s a bit of dark humor shared among programmers: “Remember all those awful nights debugging segfaults? Kinda miss that adrenaline? Well, here you go – now with Rust’s seal of approval!”

Another layer of humor is how it stresses memory-safe implementations of these bugs. This phrase is a direct contradiction. Memory-safe usually means free from memory corruption, yet it’s used to describe causing memory corruption. The README doubles down on Rust’s safety buzzwords: it even says “We are very committed to making sure cve-rs is memory-safe… That is why cve-rs uses #![deny(unsafe_code)] in the entire codebase. There is not a single block of unsafe code in this project.” This is parodying the earnest assurances library authors give about soundness. By stating #![deny(unsafe_code)], the author mimics a real Rust crate that guarantees it doesn’t use any internal unsafe trickery – meaning the crate’s code fully complies with Rust’s safety checks. In a serious project, this is a green flag. In cve-rs, it’s hysterical because the outcome of using the crate is specifically to introduce problems that unsafe code would normally cause! It’s like an airplane manufacturer bragging that their new model has no manual overrides at all, while that model is designed to nosedive.

The README even includes a satirical footnote admitting to one tiny exception where unsafe had to be used – not in the main code, but in tests for comparison purposes. The footnote reads:

“There is, unfortunately, one exception: In our tests, we compare the results of our safe transmute function against the regular std::mem::transmute function. Perhaps somewhat short-sightedly, the standard library implementation is unsafe. Regardless, this is only in our tests – the core library has no unsafe code.”

This tongue-in-cheek aside lampoons the kind of thorough transparency Rust developers go into when justifying any use of unsafe. In real projects, if a crate must use unsafe, maintainers often document why it’s okay. Here, the author “regretfully” notes they had to call the real std::mem::transmute (which is inherently unsafe) in the test suite, implying their “safe transmute” needed to be validated against the unsafe baseline. The phrasing “perhaps somewhat short-sightedly, the standard library implementation is unsafe” mock-chides Rust’s standard library for not foreseeing the need for a safe version of this inherently unsafe operation. It’s a sly dig: of course std::mem::transmute is unsafe – it’s by design. Calling that decision “short-sighted” is absurd, and that absurdity is the joke. It maintains the spoof that cve-rs genuinely believes in its mission to bring unsafe behavior into safe Rust, as if Rust’s designers simply lacked vision. Seasoned readers recognize this as deadpan humor, similar to a dry comic routine delivered with an earnest tone.

From an organizational perspective, this meme also pokes fun at the culture around secure coding practices. Modern development teams emphasize writing safe code, adding bounds checks, using tools to catch these errors. Rust is often introduced in companies specifically to eliminate classes of security bugs. The idea that someone would intentionally add them back “for convenience” satirizes any contrarian attitude a developer might have against Rust’s strictness. It’s reminiscent of the jaded veteran who jokes, “Rust is great and all, but sometimes I miss my null pointer dereferences.” No one actually misses them, but the joke lands because it’s a reversal of the usual complaints. In truth, if a library like this did exist and people used it, senior engineers would facepalm so hard: it would undermine all the benefits of choosing Rust in the first place. The meme, therefore, also carries an implicit “thank goodness this is only a joke” for anyone who has advocated using Rust for safety.

In sum, to a veteran developer this meme is funny on multiple levels: it parodies Rust’s marketing (“blazingly fast”), twists a nightmare scenario into a cheeky feature list, and uses Rust’s own idioms (safe code, no unsafe) to deliver a deeply ironic contradiction. It’s a wink to all the programmers who fought memory bugs for years: now that we have a language that finally saves us from them, wouldn’t it be ridiculous if someone put them back on purpose? Yes, it would – and that ridiculousness is exactly what we’re laughing at.

Level 4: Safe-Unsafe Paradox

At the highest technical level, this meme highlights a paradox in Rust’s safety model. In Rust, safe code (code that doesn’t use the unsafe keyword) is supposed to be memory safe by construction. Rust’s compiler (through the borrow checker and strict rules about ownership and lifetimes) acts like a theorem prover, guaranteeing that undefined behavior – things like dangling pointers, buffer overflows, or use-after-free – cannot happen unless we deliberately step outside the rules. The crate cve-rs boldly claims to introduce classical memory bugs using only safe Rust. This suggests exploiting a loophole in Rust’s type system or runtime – essentially finding an unsoundness in Rust’s guarantees. In formal terms, if you manage to cause a segmentation fault or corrupt memory without a single unsafe block, you’ve constructed a counterexample to Rust’s safety proofs. It’s as if someone proved 2+2=5 inside a system that forbids arithmetic errors – both impossible and alarming (and here, intentionally hilarious).

The mention of a “safe reimplementation of core::mem::transmute” is especially eyebrow-raising to seasoned Rustaceans. The function std::mem::transmute is the ultimate type-casting escape hatch – an unsafe function that lets you reinterpret any bit pattern as any type, bypassing the compiler’s strict type checks. A “safe transmute” is an oxymoron: it implies the power to violate type safety without the usual unsafe declaration. This goes against Rust’s design, where such unchecked conversions are marked unsafe precisely because they can break the soundness of the program if misused. By claiming a safe transmute, cve-rs is tongue-in-cheek suggesting they found a way to subvert Rust’s type system internally (perhaps via clever use of generics or abuses of existing safe APIs). In reality, if such a purely safe transmute exists, it would indicate a serious bug in the language’s safety guarantees – the kind of issue that would itself earn a CVE in Rust’s issue tracker! The crate name cve-rs nods at this: Common Vulnerabilities and Exposures (CVE) are IDs for real security flaws. A “safe Rust memory vulnerability” essentially hints at a vulnerability in Rust’s own safety ethos.

Rust’s promise is that memory safety can be achieved without garbage collection, via compile-time checks. The humor here pokes at the theoretical boundary: can we intentionally create memory unsafety while still following all the rules? Under the hood, Rust’s safety is enforced by strict aliasing rules and lifetime tracking – if those rules have any unsound corner, a crafty programmer might exploit that to cause mischief. Over the years, a few such soundness bugs have been discovered in Rust’s standard library or compiler (where a safe API turned out to allow memory corruption). Those are rare, treated with high severity, and swiftly fixed. cve-rs satirically presents such unsoundness as a feature, as if it’s something desirable to end-users. It’s basically saying: “We took the one thing Rust guarantees shouldn’t happen, and we packaged it for you – and we did it properly (with no unsafe code of our own)!” This is a playful jab at the formal safety guarantees Rust provides, contrasting them with the chaotic freedom of low-level programming in C/C++ where buffer overflows and use-after-free bugs roam free.

In summary, on a deep technical level the meme highlights the language safety paradox: Rust’s entire compiler architecture is built to banish these memory errors, treating them almost like math errors that get proved impossible. Advertising “blazingly fast memory vulnerabilities, 100% safe Rust” is a tongue-in-cheek way to say: What if we could have the forbidden fruit (memory corruption) without the original sin (unsafe)? For anyone versed in programming language theory or Rust’s guarantees, this scenario is both absurd and darkly comic – it’s like witnessing a proof by contradiction turned into a product pitch.

Description

A screenshot of the documentation for "cve-rs," a satirical Rust library. The text humorously claims to allow developers to introduce memory vulnerabilities like buffer overflows and segfaults in a "memory safe" way. The page header reads "cve-rs" and the tagline is "Blazingly fast memory vulnerabilities, written in 100% safe Rust." The body of the text explains the "benefits" of being able to corrupt memory in a safe language. The technical joke is layered: it satirizes Rust's obsession with safety by creating a library for intentionally unsafe behavior, ironically claiming it's all safe. It's a deep-cut joke for developers who appreciate Rust's memory safety guarantees and the absurdity of circumventing them

Comments

46
Anonymous ★ Top Pick This library is perfect for when you need to explain to your C++ colleagues what a memory-safe language is, but in a language they'll finally understand: a segmentation fault
  1. Anonymous ★ Top Pick

    This library is perfect for when you need to explain to your C++ colleagues what a memory-safe language is, but in a language they'll finally understand: a segmentation fault

  2. Anonymous

    Security wanted a realistic exploit drill but compliance forbade `unsafe`; so I just `cargo add cve-rs` - now we ship use-after-free in 100% safe Rust and Clippy still high-fives the commit

  3. Anonymous

    After 20 years of fighting memory corruption bugs, we've finally achieved the impossible: a way to write segfaults that pass the borrow checker. Now your Rust code can have all the excitement of C++ undefined behavior while still compiling with --release and sleeping soundly knowing you never wrote 'unsafe'

  4. Anonymous

    Finally, a crate that lets you write Rust code with all the memory safety of C, but with the smug satisfaction of still passing `cargo clippy`. It's like achieving zero-cost abstractions by abstracting away the cost of actually being safe - truly the pinnacle of 'if it compiles, it works' philosophy, now with 100% more segfaults as a feature, not a bug

  5. Anonymous

    cve-rs: where Security Theater meets the borrow checker - UB-as-a-Service with #![deny(unsafe_code)] so compliance is happy while prod still gets reproducible segfaults

  6. Anonymous

    The borrow checker greenlit this buffer overflow - peak memory-safe architecture

  7. Anonymous

    Rewriting in Rust broke our bug‑compatible acceptance tests, so we added cve-rs - now even the segfaults pass without unsafe

  8. @tuguzT 2y

    lifetime resolution go brrrrrrrrr

  9. @ov7a0 2y

    https://github.com/Speykious/cve-rs

  10. @azizhakberdiev 2y

    C could never

    1. @ZgGPuo8dZef58K6hxxGVj3Z2 2y

      C++ doesn't need it. It comes automatically if (user->hasSkillIssue)

      1. @azizhakberdiev 2y

        but it ain't blazingly 🔥 fast 🚀 and 100% memory safe 💯

  11. @beton_kruglosu_totchno 2y

    So does it really demonstrate that Rust's safe code is unsafe? There's no joke there?

    1. @purplesyringa 2y

      It demonstrates that rustc has a bug that causes unsound code to be accepted despite that not being the intention. Whether you interpret that as "Rust is unsafe" is your decision

    2. @Saeid025 2y

      Well even in safest language you still can try your best to shoot your leg with a gun...

      1. @beton_kruglosu_totchno 2y

        I see, you are from "you are holding it wrong" team.

        1. @Saeid025 2y

          Not really, I'm more from "use it however you want, in the worse case scenario you'll hurt yourself" team

          1. @azizhakberdiev 2y

            "fuck around and find out" team to be more precise

        2. @LonelyGayTiger 2y

          You have deliberately abuse Rust to get any of these bugs to occur.

        3. @L2CacheGay 2y

          i dunno why people make such a fuzz out of cve-rs

          1. @sylfn 2y

            https://t.me/utk8g/1968

            1. @L2CacheGay 2y

              Hm?

              1. @sylfn 2y

                they are trying to push rust back because they think it is too aggressively imposed

                1. @L2CacheGay 2y

                  Well, they should probably go shopping for better arguments to use, then

          2. @beton_kruglosu_totchno 2y

            compare your replies to my original question

            1. @L2CacheGay 2y

              I have, and I still don’t see why anyone would make a big deal out of it

              1. @beton_kruglosu_totchno 2y

                So does it really demonstrate that Rust's safe code is unsafe? There's no joke there? if you see any "deal" in these words you do not understand language of Shakespeare

                1. @L2CacheGay 2y

                  well, its no big deal because it doesnt demonstrate that rust's safe code is unsafe

                  1. @L2CacheGay 2y

                    like i said, all it demonstrates is "rustc has a bug"

                    1. @Meepers 2y

                      I actually like rust, but doesn't that mean they failed their 'guarantee'?

                      1. @L2CacheGay 2y

                        why would it

                        1. @Meepers 2y

                          Because of what 'guarantee' means?

                          1. @L2CacheGay 2y

                            if the bar for being able to make claims like that is as high as not having even slight implementation bugs, then nothing that hasnt been formally verified can really claim anything

                            1. @L2CacheGay 2y

                              (that is, assuming the models youre using for your verification aren't themselves flawed)

                            2. @L2CacheGay 2y

                              i feel like it makes sense to take these things in context is this kind of bug particularly unique for community-driver compilers? not really does it indicate a fundamental flaw with the memory safety model, or is it just a mistake on the part of the compiler in enforcing that model? everything seems to point to the latter how easy is it to trigger by mistake? doesn't look like it's something you could just easily stumble upon, but it doesn't seem impossibly hard to trigger, either how much does it detract from the goal of memory safety in an average program? given that it seems to have been very rare in the wild, little to basically not at all to me, all that cve-rs seems to indicate for rust is the basically foregone conclusion that "you can't trust a compiler to not never have bugs", which is not something that was ever being claimed for rustc

      2. @CcxCZ 2y

        There are languages that are designed with handling malicious code in mind. There are languages that impose formal verification and compilers that went through one. Sure, there is still possibility for something to go wrong (insufficient model, hardware not behaving according to spec, etc…) but it's significantly different bar.

        1. @Saeid025 2y

          Could you name some?

          1. @CcxCZ 2y

            https://github.com/dckc/awesome-ocap?tab=readme-ov-file#programming-languages https://en.m.wikipedia.org/wiki/CompCert https://cakeml.org/ https://www.fstar-lang.org/ Anything working with mobile code, smart contracts, etc. will generally take the "no escape hatches" approach. Also I've always found Ada to be more readable than Rust.

        2. @colllapse 2y

          but when you hack your teach brain when he compiles your malicious code in his head is priceless

  12. @AlexKart20129 2y

    😄😁👏

  13. @Saeid025 2y

    It's like spoon is safe to use by design, but you still can plop your eyes out with it if you want 😁

    1. @colllapse 2y

      nah, it's a legit compiler bug. and yet unfixable due to ongoing refactoring

      1. @purplesyringa 2y

        GCC's and Clang's codegen around floating-point numbers on x86 is fucking unsound and no one bats an eye rustc has a soundness bug no one could possibly accidentally trigger and everyone loses their minds

        1. @colllapse 2y

          floating point has some spec. rust lifetime doesn't (yet). but losing they mind due to ability to segfault safely

          1. @purplesyringa 2y

            > floating point has some spec I'm not sure how that's related to codegen bugs in any fashion? > but losing they mind due to ability to segfault safely I mean, that's what soundness bugs do. Almost any soundness bug can lead to a segfault when exploited intentionally, regardless of the language. The original bug doesn't cause a segfault by itself, it has to be used as a primitive to perform a use-after-free to corrupt a pointer.

  14. @L2CacheGay 2y

    its a compiler bug, those happen, and rustc is a young compiler. whats the big deal?

Use J and K for navigation