Thread 106493379

The absolute state of CNiles ...

>>106493379 (OP)
a lot of zozin on here today

>>106493394
>/g/ in 2020: DistroTube + Luke Smith
>/g/ in 2025: Tsoding + Drew Devault

In the time that he wrote that comment he could have just added the bound checks.
Game devs are the worst.

>>106493440
Ecelebs will forever be a cancer. Luke Smith was a bit of a pseud and Distrotube isn't much of a programmer, so Tsoding is at least a small improvement. I remember watching his content when he was a Haskellfag. That was also during the FP craze. Now the trend is low level programming and he's all about C and C replacements. Also a move in the right direction. Maybe 5 years from now people will start being obsessed with Lisp.

>>106493379 (OP)
you can also blame the retards who shoved a whole virtual machine in a font file

// gcc -O2 -Wall -Wextra -Werror
#include
#include
#include
#define E_YOU_ARE_STUPID (-2)
typedef struct { uint64_t garbage; uint64_t more_garbage; } Result;

int UnsafeParse(uint64_t start, uint64_t end, Result* output);
int DoStuff(Result* a);

static inline int Parse(uint64_t start, uint64_t end, Result* output) {
if (start >= end) {
return E_YOU_ARE_STUPID;
}
if (output == 0) {
return E_YOU_ARE_STUPID;
}
return UnsafeParse(start, end, output);
}

int Run() {
Result* output = (Result*)malloc(sizeof(Result));
int code = Parse(0, 1024, output);
if (code == 0) {
DoStuff(output);
}
free(output);
return code;
}


Run():
pushq %rbp
movl $16, %edi
pushq %rbx
subq $8, %rsp
call malloc
movq %rax, %rbp
testq %rax, %rax
je .L5
movq %rax, %rdx
movl $1024, %esi
xorl %edi, %edi
call UnsafeParse(unsigned long, unsigned long, Result*)
movl %eax, %ebx
testl %eax, %eax
je .L8
.L2:
movq %rbp, %rdi
call free
addq $8, %rsp
movl %ebx, %eax
popq %rbx
popq %rbp
ret
.L8:
movq %rbp, %rdi
call DoStuff(Result*)
jmp .L2
.L5:
movl $-2, %ebx
jmp .L2

yo i just watched the stream tooooo!

>>106494013
>yo
N

>>106493379 (OP)
just throw away performance by wasting time bounds checking files that you know are the right size. The absolute state of rustrannies

>>106494069
>that you know are the right size
Prove it.

>>106494091
well if you want to use malicious font go ahead, we assume you know what you are doing

I fail to see the issue. Maybe what people need is a define, IM_A_FUCKING_RETARD, which enables and duplicates security checks.

>>106493379 (OP)
Bozo took the time to write out this warning instead of adding a simple range check...

>>106494216
almost like the lack of range check was intentional...

>>106493634
C to Lisp would be a move in the wrong direction. Lispfags know the value of everything and the cost of nothing.

>>106494228
This kind of attitude is why Firefox had to move font parsing to webassembly

>>106494302
firefox parses fonts downloaded off the web. and also is made by retards, of course they chose to destroy performance instead of fixing their code, they have no clue how to do the latter

>>106494302
False equivalency

>>106494302
>>106494319
i didn't make the difference clear: one is deliberately not bounds checking for performance reasons, the other is trying to bounds check, but being too retarded to do it right

>>106494069
turn on function inlining >>106494009

>>106493634
Tsfdiig is just a perpetual nocoder fag

>>106494339
the fact that the bounds check is unnecessary depends on the data file, so you would need to inline the entire file to pull that off. Besides being retarded in it's own right, no compiler today would manage to optimize out the bounds check even if you did that.

>>106494091
I checked right before compiling.

>>106494069
>throw away performance
You just know that this poster is a dumb low iq unemployed pseud
because obviously, to anyone with an IQ over 80, bounds check cost a couple of CPU cycles, while the processing of the glyph costs hundreds of thousands, maybe millions of such cycles. Therefore, to any rational person, this """cost""" is negligible.

>>106494117
Malicious fonts won't call themselves malicious. It might not even malicious by intent, but by ignorance. Do you know what you're doing?
>>106494441
So you used software to bounds check the font? Are you going to bundle that with your software if you enable user font selection or expect the user to also check their fonts?

Post 1 font actually used by the the average consumer that is maliciously reading arbitrary memory

>>106494469
the code takes time to write and actively makes the code slower while providing zero benefit.

>>106494518
you're as retarded as the people you're arguing against. if some software has an rce, then people will craft files to exploit that rce. Obviously the code is unlikely to be exploited by files that already exist in the wild.

>>106494518
>I don't even know if it exists. Thus, it won't happen.

>>106494522
It takes one hour to do bounds checks at most, and there is a benefit (ability to use the library on untrusted fonts without having RCEs in your program)

>>106494469
even just 1 cycle is worth it because you people have been saying this same shit for years and made this "negligible cost" not so negligible.

>>106494614
>you people have been saying this same shit for years and made this "negligible cost" not so negligible.
You are so retarded that it hurts. Implying that software is slow because of bounds checks instead of garbage collectors or just outright using python/js like 99% software today, it is so retarded that I don't even know what to say

>>106494631
i dont believe you had trouble parsing my intent. i believe you are being intentionally obtuse for effect.

>>106494585
>and there is a benefit (ability to use the library on untrusted fonts without having RCEs in your program)
use a library designed for that. not every library needs to be designed for every use case.

>>106494488
Why do faggots like you need someone to hold your hand to do anything? You're the same as the Rust shills on here. The way you lot talk it would seem that at any given time you are 5 seconds away from doing some catastrophically stupid lest you have some sort of safety system in place in order to prevent you doing X stupid thing. I've been using computers my entire life and the only time I have downloaded malicious programs is when I have intentionally tried to get said program to play around with them. The solution to the problem here isn't putting in thousands of safety checks in every single code base, it's the user stopping for a second or two and thinking for themselves.

>>106494631
anon when someone starts saying retarded shit like "checking the bounds would be too slow" that's your cue to leave the thread, the poster is hopelessly delusional. your /g/ experience will be better when you ignore all (You)'s that are stupid

>>106494488
>if you enable user font selection
Why would I do that?

>>106494974
>Doesn't explain xirself but instead makes some unrelated grandiose post about xir's head-cannon about the poster because you have no real argument against them but won't concede your position because you can't bear the thought of some cnile chud getting one up on you.
Embarrassing.

>>106493742
which was inherited from Postscript

>>106494928
>yes, let's just make all file types potential malware to promote "thinking"
what a retarded post

>>106494690
>not every library needs to be designed for every use case
But I really NEED my arithmetic library to read email!

>>106495601
What a hilarious cope.

I wouldn't be using actual font or image formats if I was a gamedev to begin with.

>>106494974
Checking bounds introduces branches and that is costliest thing you can possibly do.
All truly fast software is branchless and vectorized, that's how it is so fast, you retarded subhuman nocoders are tiresome.

>>106496015
Branches are free. Missed banch predictions are expensive. A bounds check will always be correctly predicted, hence it costs almost nothing

>>106496060
If bounds check will always be correctly predicted, you can simply remove it.

>>106496015
I've come here to call you a filthy code monkey and that you should rewrite yourself in js.

>>106496075
Ok nocoder, anything else?

>>106496067
True in the op case, obviously, but in general no. If the bounds checking were removed, then (and only then) people might craft malicious files that exploit the lack of checking. As long as bounds checking is there, no such files will be crafted, so it's fair to say it's "always" correctly predicted. But we can modify the statement to "always [for non-malicious, uncorrupted files]" and still come to the same conclusion.

>>106496129
see >>106495962
Games don't need complexity of fontslop, in fact, no software does, kill yourself with your shitty self invented problems, literally no good format causes nonsense like that.

>>106494069
you can just clamp start to end using a single bitwise operation funnily enough

>>106493634
Lisp is just academoidslop that as all academoidslop sucks in the real world

>>106494585
Writing correct bounds checking is actually quite annoying. Especially so if you are working with binary files loaded into memory.

if((ptr + offset + length) < end)
error;


Consider the above, its wrong because of overflow. Its an absolute pain in the ass to make sure that every bounds check respects overflow. Sure you can make helper functions, but there are so many different variations that it quickly becomes a mess.

thinking that this check or the accumulation of safety checks like this in software will lead to perceptible degraded performance is autism

>>106497221
well, let's see your benchmarks

>>106497974
I don't do microbenchmarks on dumb shit, I use a profiler like tracy and optimize for things that take > 100ms

>>106498433
you're fine with a font taking 100ms to load?

>>106493379 (OP)
If you use a malicious font there are much worse things it can do than just read memory. it could literally ping fbi servers and pretend to be their malware that they use to catch people sharing CP

>>106493634
IDK I learned haskell before finding tsodings and quickly realized that it was a shit lang after learning about unix and reading catv propaganda

>>106497047
are you expecting an overflow of size_t?

>>106498433
A malicious program hidden in a font could literally ping a server in that amount of time

>>106494690
what's more embarrasing than using a 50 years old programming language? justify it's usage.

>>106500480
shoo

>>106493634
Lisp is eternal.

>>106493379 (OP)
this is the correct way to do things
range checking wastes cpu cycles just dont use files with incorrect offsets

>>106494069
>Im so used to nobody conveying any useful information in my shit language I can't even conceptualize checking an invariant once and being certain from then on of it's enforcement instead of checking every operation
grim

>>106494928
>priviledge escalation using a fucking scrollbar? WINBLOWS BTFO NICE ONE MS PAJEETS
>well to be fair the users should stop and think that a font they are installing may be exploited by malicious code to escape sandboxing, it's common sense really

>>106502388
Nice toy language. Impossible for third parties to maintain where any degree of complexity is required.

>>106502600
All it takes is one dumb mistake to blow up your program, and very easily done by some min wage designer working with fonts

>>106503391
dont blow it up then
wasting cycles is retarded

>>106503109
See >>106503498

>>106503109
of course you can do bounds checks with a minimal performance impact, but it takes substantially more work than doing it the naive way. Probably the simplest way would be to do a pass at the start that checks that the file is valid, then not check any bounds thereafter. I think even a rustranny should be able to figure out why that's retarded.

>>106502600
do your range checking in assert statements

>>106503542
asserts will waste time when running the problem, crippling it's performance

>>106503699
-DNDEBUG you brainlet. stay away from computers

>>106503712
if the bounds checks only exist in debug builds, then they're worthless for protecting from malicious files in release builds. They're good for... debugging

>>106503806
git gud

>>106503712
whats the point then dumbass you're just adding lines of useless shit that wont be run

>>106503219
Sneed. Go back to writing your Hello World in whatever zoomer FOTM toylang you fags shill.
Meanwhile, I'll enjoy my Maxima written in pure Common Lisp.
https://maxima.sourceforge.io

>>106493394
>zozin
literal who

>>106503867
catch the programming errors while you are testing
am I the only one they gives a shit about the rules anymore dot jpg

>>106493379 (OP)
Instead of adding the checks to the loading function, why not make it separated?
>first step: check the whole file first so everything is correct/in range/as expected
>second step: does the actual load into memory

>>106507731
because it wastes cYcLeS bRo!

>>106507938
But this way you check it only once, and you can load it multiple times afterwards without any checks, instead of checking it every time you load it.

>>106494053
I

>>106507962
Because it's unnecessary if you have control over the fonts. Use a different library with strict checks if you have potentially malicious files you have to support.

>>106507938
how so

>>106507731
Instead of running the check function every time you load the file, why not run it once on a given font then trust that font thereafter?
Since performance no longer matters for the check function, why not use an off the shelf solution instead of writing it yourself?
And you just discovered why the software works like it does, congratulations.

>>106509497
It was sarcasm it doesn't matter in the real world. Caring about this is suckless tier brainrot

>>106503806
>>106493379 (OP)
stb_truetype is created for video games where you provide your own fonts. This is not a problem.

>>106507731
Because you have to parse the font files, you would have to create two parsers for that. And for correct range checks you need to store data in memory to reference the ranges. So you end up loading the font anyways, so its dumb to do it separately. You would create two parsers that do pretty much the same thing.

>>106494488
>enable user font selection
In a videogame?

>>106496060
>Branches are free.
No they absolutely are not "free".
Just because Intel, AMD and Apple do some insane wizardry in their chips does not make it free.