Hi,

Theo de Raadt wrote on Thu, Jun 11, 2020 at 10:12:47AM -0600:
> Romero Perez, Abel <[email protected]> wrote:

>> I suggest only to have a look into better measures of security by
>> researching optimization flags, to find an equilibrium of optimization
>> and security.

> Romero, that is bullshit.

However, there is something i ought to do to make such bugs less
likely: Remove the last vestigial type-unsafe pointer handling.

That was designed a decade ago with an excessive focus on flexibility
when the scope of the program was not yet clear. A typical example
of over-abstraction. When you don't know yet how general your code
might need to be, write specific code first. If it turns out
additional situations need to be handled, consider generalizing it
(and again, don't go overboard). Never invent abstractions "because
just in case".

If we would need many dozens of different output formats, and people
would want to plug in new ones at run time or something crazy like
that, the abstraction implemented with these void pointers might
have a point. But now that we know that less than a dozen output
formats are really needed, and that they are all very stable, there
are very likely ways to improve this code, making it more robust
and less error-prone.

Yours,
  Ingo
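Added example, not part of the original message and not the project's own code: one way a small, closed set of output formats can be dispatched without `void *`, using an enum-tagged union so every handler receives a typed pointer. All type and function names (`outtype`, `output`, `output_line`, the two formats shown) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not the project's real code. */
enum outtype { OUT_ASCII, OUT_HTML };

struct ascii_state { size_t width; };	/* pad column to this width */
struct html_state  { int fragment; };	/* 1: emit <br/>, 0: emit <p> */

/* Closed set of formats: a tagged union instead of an untyped void *. */
struct output {
	enum outtype type;
	union {
		struct ascii_state ascii;
		struct html_state  html;
	} u;
};

static int
ascii_line(const struct ascii_state *s, const char *txt, char *buf, size_t sz)
{
	return snprintf(buf, sz, "%-*s|", (int)s->width, txt);
}

static int
html_line(const struct html_state *s, const char *txt, char *buf, size_t sz)
{
	if (s->fragment)
		return snprintf(buf, sz, "%s<br/>", txt);
	return snprintf(buf, sz, "<p>%s</p>", txt);
}

/*
 * Dispatch on the tag. Handing &o->u.html to ascii_line() would be
 * diagnosed by the compiler as an incompatible pointer type, whereas
 * a void * argument would be accepted silently and misread at run time.
 */
int
output_line(const struct output *o, const char *txt, char *buf, size_t sz)
{
	switch (o->type) {
	case OUT_ASCII:
		return ascii_line(&o->u.ascii, txt, buf, sz);
	case OUT_HTML:
		return html_line(&o->u.html, txt, buf, sz);
	}
	return -1;	/* unknown tag: refuse instead of guessing a type */
}
```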
