Why Is C SO Dangerous?
Вставка
- Опубліковано 23 вер 2024
- Live on Twitch: / lowlevellearning
🏫 COURSES 🏫 Check out my new courses at lowlevel.academy
🙌 SUPPORT THE CHANNEL 🙌 Become a Low Level Associate and support the channel at / lowlevellearning
Why Do Header Files Exist? • why do header files ev...
How Does Return Work? • do you know how "retur...
🔥🔥🔥 SOCIALS 🔥🔥🔥
Low Level Merch!: lowlevel.store/
Follow me on Twitter: / lowleveltweets
Join me on Discord!: / discord
live on twitch! twitch.tv/lowlevellearning
when you code in c i feel like you're going back -50 years, just use js, be simple, but powerful, man, just be simple, you know, life is kinda short
C isn't unsafe. Kernighan and Richie said "You better know what you are doing".
It's the Programmer who pulls the Trigger.
Which keyboard are you using?
What a glorious bait. A true master baiter
had to do a double take
😂😂😂😂
master biter
I can't upvote because the number is at 420, sorry.
Why are you not over 9000 likes? Is internet down?
I thought I clicked on the wrong video
You’re opening up a bit much if that video was on your home / subscription page my man 🤣
@@Kane0123 Nah. The title and thumbnail are both programming related, hence why I clicked it. But then some random woman appeared so I thought I misclicked.
me too
Me too lmao
@@astral6749 Same. I saw the title and thumbnail and wanted to see what pointer/array issue he showed. I almost hit the back button when the first clip started, since I thought I had gone to the wrong short, but it was onto the code quick enough
Basically:
It’s unsafe because it will do exactly what you tell it to do, which isn’t always a good thing.
That would be fine; if it could to tell your 3 lines of static code was gonna fail at compile time.
@@shringe9769clang can warn about pretty much any compile time or possible runtime errors while compiling. GCC would probably also give a warning with some warning options enabled
This is just programming in general
they date up
@@shringe9769 they date up
C is unsafe the same way a motorcycle is unsafe
thing about motorcycles is that gravity always wins. You'll fall at some point lol
@@segueoyuri skill issue tbh.
@@somersaultinggiraffe1901 you're very right nonetheless hahahah
it's worse then a proper motorcycle.
@@segueoyuri 3 years, 24000Kms and not a single crash/bump
When I first learned C in college this was like the first thing the professor taught us lol
I go excessively nuts on the input validation just in case
@@luiggitello8546 crowdstrike should have hired you lol
@@grogu9814 I will go to University, and our University too teach us to C++ for first year......
the fastest "No thank you" rofl
Rotfl sounds better
Her: "Do you want to make a girl like you?"
Him: "No thank you. So the reason C is an unsafe language ..." 🗿
My man doing some Aaron Paulsen shit hahah
faster then light
we are tired of their lies
"C allows you to do dangerous things so that you can do interesting things." -- Brian Kernighan
This is so true
"C allows you to do dangerous things" because Brian Kernighan didn't know how to prevent these things without paying a (high) price.
2015 rust came out.
@@rickrock2525 C was created as a system programming language. It was supposed to give the programmer capabilities and performance similar to assembler, while ensuring easy transfer of code between different machines. The language was supposed to allow the programmer to do everything so that there was no need to use assembler for system programming, including free access to memory, hardware registers, etc. (the programmer was supposed to know what he was doing, the language was not supposed to limit him in any way). Thanks to this, even today C works great when programming microcontrollers or embedded systems, even those with only a few kilobytes of memory.
If there is a need to control out-of-bounds, etc., you can always encapsulate access to the resource using your own functions (or use libraries created for this purpose).
Rust is great in concept, but in practice it requires access to the source code of all libraries used if you want to fully use 'safe mode' (apart from the fact that even the standard Rust library uses 'unsafe' code, but that may change in the future ) - this is supposed to provide zero-cost for all security mechanisms, but nevertheless, for example with the above-mentioned tables, there is an overhead of checking ranges while the program is running. Rust can replace C (and some other languages) in many contexts, but it is not a complete replacement for it.
@@rickrock2525 I am also a rustacean but I wish other programmers would stop sucking off the crab like it was sent by God.
@@rickrock2525 I *love* Rust, BUT it isn't the solution to all of life's problems. Rust still doesn't run on some of the platforms you can run C on, moreover, the safety of Rust comes with a cost not in performance but in human time. Yeah, it's true, a refactor on a Rust codebase will usually be faster than on a C codebase, but experimental code in Rust can be a real pain in the behind. And no, unsafe isn't the solution to that problem.
"No, thank you! Now..." LMAO!! XD
@@kumanderlinux now THAT'S the guy worth dating! Love him!
"C has no way to check it"
It actually has, but you have to code it yourself. People take others works for granted and that is crazy.
Didn't expect that intro. C is/was designed for people who want to directly control a hardware processor and an operating system. It's perfect.
Mapping bit fields to hardware addresses in the linker and directly twiddling bits is beautiful
the biggest lie is strings :(
@@mr.xdstrem1584 Especially when utf-8 is involved.
@@mr.xdstrem1584 lol yeah more like a character array
Seriously thought UA-cam was malfunctioning when I clicked this video
same lmaooooo
It does malfunction this way sometimes fr
fr
😂 I swiped away just as you said no thank you and so I came back 😂
you are fast :D
Exactly 😂😂😂
Same thing 😂
Same
Ah, yes, our attention spans are of this length, at least we code instead of rotting away entirely on short form videos…
I see the problem here. The programmer was distracted by the girl and forgot to validate user input. 😂
That opening absolutely sent me "no thank you now the reason C is so dangerous" just doesn't miss a beat 😂
C has a way of checking. Its an if statement after receiving an input and its called input validation. Now, its the other, memory-safe languages that dont have a way to NOT check it in case you dont need it and hogging that compile/run time.
That bait and switch had me click off and then quickly back up "wait what that short was actually about C memory issues let me finish that"
C doesn't have memory issues, bad programmers do
@@onenationunderdog5289 yes, we only need compilers to like us.
The polite "um no thank you" got me rolling on the floor
That must have looked so stupid when you did….
That was also the most developerish response possible. Make girls like me ? No, thank you. I'd rather learn about C.
"The integer array has 4096 Bytes allocated to it."
While it doesn't impact the rest of the video, this sentence has one big mistake.
The array has 4096 elements. Since it's an int array and most (Desktop) platforms have 4 Byte integers, this array is 16384 Bytes big.
Also, literally needed to change the URL from shorts to watch since on the "shorts" interface the "Comment" button was unreachable after typing this.
Exactly, he made a mistake... since int will take 2 bytes or even 4 bytes (long int) per array element. But I get his point.... I find C easier to read.... object oriented languages like C++ make it harder to read and understand for myself.
@@cybernit3"since int will take 2 bytes or even 4 bytes (long int) per array element"
long int has nothing to do with this here
also, on Windows, macOS and Linux 64bit, if you just use "int", it will be 4 Bytes
"I find C easier to read.... object oriented languages like C++ make it harder to read and understand for myself"
Ok, but this has nothing to do with anything here.
It very much depends on where are you programming. In embedded systems is usual that int are 2 bytes size
@@johnalberto9600yes, that's why I said "on most (Desktop) platforms"
and even with 2 Bytes it's still way more than 4096 Bytes
I was searching for this comment 😂🎉
Coding languages that follow everything you say literally and without any questions can indeed be very dangerous when you have no idea wtf are you doing
This is why vectors and templates exist in C++
C++ doesn't protect you when using the index operator. You will have the same problem. However, std::vector does have an at method which will throw an error if the index is out of bounds. In my experience it is rarely used, though.
The amount of times I've ran into the "vector subscript out of range" pop up has something to say about that
@@wile9763 rust doesnt protect out of bounds indexing either.
@@wile9763I don’t use at method because I like [i] more.
I already knew this about C, but I still don't know how to make a girl like me.
The first part of your sentence is the reason for the second.
Explain C to them. If they don't like that, then get on your knees and beg them to like you
@@solidacid1337now that's genius
Your hard earned money through C programming skill will make girls follow you
Live dangerous like coding in c
I scrolled off right before he said "no thank you".
Then I scrolled back in.
hahah same
It doesn’t allocate 4096 bytes it allocates 4096 * sizeof(int) bytes
Yes that is the count of elements.
What if sizeof(int) is 3, with an address alignment of 5 bytes?
@@sethkills yes
@@sethkills would it allocate 4096 * 5 bytes?
@@sethkills The result of sizeof will be a multiple of the alignment of the type. Like how the 80-bit extended precision of x87 may be 10 byte long double on some compilers but 12 byte or 16 byte on some compilers due to alignment padding.
“C is unsafe”
“What if we allow any user to select arbitrary memory over the internet”
Which part is unsafe? Lmao
One of the finest video introductions I have witnessed. Thank you sir.
You owe me an A4 notebook for making me spit coffee all over my desk in laughter.
unoriginal, cringe and lame
@@gerooqunoriginal, cringe and lame
really proved your point there by copying my comment@@hellwraiz
@@gerooqyou just got uno reversed Lbozo Also ratio^^^
@@pikachuisop123beee9These kids. :
RUST: Memory safety
C: ha ha lol 😂
RUST: Memory safety
C: no thank you
Can I use this memory?
C: Sure
Rust :🔫🤣 no
Java: one for you , three for me.
Python: Hold on let me ask C.
C++: has everyone forgotten about me?
@@hherpdderp Rust has like 300 memory based exploits too lmao
@@danielkik1245That doesn't change the fact that c is worse in memory safety.
This is the hardest I laughed all week. Brilliant start to the video!
C has been perfect for my work over the past 30 years. C can be as efficient as assembly code. If C had “guardrails”, then it would lose its efficiency.
This is a wise man to run from their traps.
That "No thank you" at the start... I really vibe with that
"I Came Looking For Copper And I Found Gold"
"no checks" yes there are, you need to enable all warnings (-Wall), you can even go further and force it into errors (-Werror), there's also sanitizers and debuggers for that purpose
I also thought about -Wall but does it check for array index out of bounds? I'm not sure.. also, it is always a good idea to know how to write a safe code without counting on other tools to save your ass 😂
@@annieannamoore6011 of course it is! never denied it was important to learn how to write safe code, just argued that LLL's claim about C's safety isn't really accurate ^^'
i do agree that devs should learn how to write safe C though ofc
if (i < sizeof(array) / sizeof(array[0])). Ideally store that value instead of calculating every time. That's basically how every proper programming language works dude. You being "allowed" to write code that is unsafe doesn't make the language unsafe.
The C and C++ languages are free as in speech. Freedom is power. Freedom is also viewed by the weak as dangerous. The only thing more dangerous is not having it.
Un-validated inputs into unsafe operations usually result in this since the compiler or the interpreter didnt account for that. So the Dev must do it instead.
Yeah, language doesn't really prevent this. Checked access does.
@gagagero by checked access does the program have to do something meaningful on bad access or is reliably crashing good enough
can't hack if the program always shuts down on bad input
@raffimolero64 There's no simple answer to this. It really depends on what the program is doing. Crashes can and have been exploited for RCE (remote code execution). If your program is a web service then, at best, you've made your service unreliable and, at worst, given someone an extremely easy way to DOS you. If your program is flight control software, then you've potentially provided a way to bring your aircraft down. If your program is a calculator, then maybe there's no harm aside from unreliability. In general, though, the best advice I can give is that crashing your program is rarely something that you want to let happen, even if there's no malicious intent.
What’s the interpreter, the machine?
100%. This problem has nothing to do with C, just bad programming. Always validate your inputs from outside the system. whadahek.
bro pulled a rainbolt
But did he locate the error in 0.1 second while looking at the grass?
an ezsnippet, if you will
nice
Gothamchess also started to copy this entrance.
That’s why we have to do static code analysis
Not really
@@captainfordo1Why do we have static code analysis? Isn't for catching these issues to some extent?
@@mikopiko if the index is hard coded somewhere and will be used at some point on the array then it might be a thing it could catch, but if it takes in data that can't be determined at compile time, e.g. from a text prompt, a random number generator, or a request over the internet, then it won't be as easy.
@@m4rt_I understand that, but I was wondering what @captainfordo1 meant?
@@m4rt_ Eh, would be cool to have dynamic code analysis
Imagine how much easier would it be to deal with this crap, or even make reverse engineering easier
If you have a static container, wouldn't it be a good practice to check if the access is out of bounds? Additionally, you could do something to handle the out-of-bounds access. I understand that the purpose of the video is to show that C doesn't protect against rookie or accidental mistakes, but it also demonstrates that it gives you more freedom in what exactly you want to happen.
As Bjarne Stroustrup once said "C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off."
That intro though 😂
@@onee 🤣🤣🤣
If you leave this the problem isn't the language. It's just a simple size check, every c programmer knows you have to do it
But humans make mistakes, don't you think the compiler should be checking for this kind of stuff?
@@shringe9769 It can, if you use -Wall or a similar flag.
@@shringe9769Sounds reasonable, but the more the compiler has to check, the longer the compiling will take. The fact of the matter is that humans are stupid, evil... and they make mistakes. And you can't possibly defend against all of that.
@@shringe9769 humans making mistakes can lead to issues in any language. Testing should catch issues like this if you do it properly. It’s really not that difficult to remember either, any time you receive input check it is valid. Relying on the compiler to catch issues is how you end up with programs with loads of bugs and security issues. The programmer should always focus on writing the best and safest code they can, the compiler is just there for extra protection, if something like this isn’t caught by the programmer or during testing then you have major issues with your programmers and testing procedures.
@@shringe9769you can statically analyze c. You can even do a lot with gcc with the right compiler options. You are literally complaining about a solved issue. Just because you didn't know about it doesn't make it an issue.
This is easily detected by GCC if you enable certain warnings (-Wall). This is really only unsafe if you are working with dynamic memory.
even then you can enable sanitizers and get the exact line of the errors.
GCC can only do static analysis, which might pick up some of the errors but not all of them. Sanitizers work at runtime and have a performance hit, they are useful for testing but not good for production.
Dynamic memory not necessary, just a lack of input validation.
Hum, yeah... That's why I only code in VBA, the best and the most powerful programming language in the world!
It can also be unsafe with fixed size and static arrays if the array index is unknown at compile time.
Bro for a moment I thought that I was on the wrong video 💀💀
“No thank you!” Totally got me
I literally cackled out loud in front of my wife with that intro. So good.
My fun (or dumb) fact from this past week: You can store the state of 8 binary elements into a single char with the
This is called freedom. And that's why C will always be the GOAT of coding languages.
you meant c++
@@anon1963 c++ < c, the truthfulness of this statement is proof
@@anon1963 OOP is an exceptionally bad idea which could only have originated in California - Dijkstra
@@Negs42 don't believe everything you see on the internet - Albert Einstein
@@anon1963 stop using quotes that aren't attributed to Einstein - Albert Camus
my man, best vid ive seen today
Possibly you might find "-Wall" at least a slight improvement.
Maybe "-Werror" too.
Not that either makes C perfectly safe... But you should use the tools that are available
If you want to catch a fish, don't ask the fish how, ask the fisherman.
I don't use C but i turned into paranoid. I restricted all inputs as hell in my first web app xD
you are supposed to do that regardless of what programming language you are using. Always check the size and the value of the input.
it's not paranoia, it's called "being good at programming". That's how it should be done.
You're 100% correct, you should always check whether the input is valid or not, even if it's not size.
what it is the chance a skilled C programmer allows users to write to an array that could go out of bounds with no size checks?
The rust simps would get very angry with you if they could read
It happens all the time, even in peer reviewed code. You can write a hundred thousand lines of code, and you only need to slip up once.
SKILL ISSUE!!
Only in case if they show off by using array as an index, I guess
@baconmanthelegend I think it depends on what you are doing. If the language itself does not allow for out of bounds access, it means that when compiled it creates some kind of structure that tracks the size of the array itself. Thus every time you access it's adding a check. I would imagine that such a check will have some minute impact on performance. In the end it's still doing what you should be doing, it's just abstracted I assume. So you are trading control for convenience. Which I can understand... I love Python for it's garbage collection and typeless variables.
Also the reason why C does that is simply because (the way I see it), C has no array, it only has pointers. The expressions `arr[i]` expands to something like `((void*)arr)*sizeof(type)*i`.
It's a syntax sugar so people don't do the mentioned expression every time they want to access an element. So C itself and the compiler does not track the size of the array as in elements, but I assume only the size of the array in memory and I would assume mainly for the purpose of scope for the Stack.
So I personally find it odd when C people speak of arrays as some kind of separate type from a pointer.
I kinda like this lowlevelness of C. I often had this error when doing basic machine learning
My professor described C and Java as like: “Java will not let you shoot yourself in the foot, C will help you aim the gun and will pull the trigger for you”
That intro mate - chefs kiss 👌
Bro hit the Levy gambit
The array will have 16,384 bytes. Unless you’re compiling with a weird word length. Good demo though!
It depends on architecture. It is not stated in C ISO what length int should be. The minimum is stated and it is 2 bytes.
Never liked the varied sizes of C by default. Especially since overflows are a common mistake, but sometimes needs to be done intentionally. We always use stdint.h's types redefined to shorthands like u64 and s64.
I have been C Programmer and watching youtube since 2009. Why I just discovered your channel right now🤩💔.
If you want to make a girl like you tell her that you prefer Rust code in the Linux kernel over C because it's more robust, accessible, modern and stable than C code, but that you are still open to any contributions to the kernel as long as they are commented well and are accepted by Linus Torvalds regardless of the personal choice of said programmer because open source development is a collaborative process like any project, but even more so.
Trust me this works every time.
This is how the Heartbleed exploit worked. Fascinating how these sorts of exploits are found
I like to say. C language is a powerful language. It is up to you protected your code.
Also, only noobs program like his demo. most pro programmers do checks before they access memory etc
@@mhavockmost good programmers write safe code without checks (checks are for user input, that's where it's not your fault anymore)
@@PFnove ok, its obvious you know very little about programming. Checks are used for way more than users inputs. Other examples are APIs calls, network communication, memory/device allocation/init, and alot more. You probably one of those people that things rust is great when its really for people who are lazy and unprofessional coders in the first place. Go learn some programming and see how checks are used EVERYWHERE.
@@mhavocki know i'm probably not good, i've only been studying computer science for years and have only written 4 3d renderers from scratch and a couple more simple games such as infinite minesweeper, i surely don't know a thing about programming
checks are only used when you have no control over what's happening, aka user input
when you're idk, looping over an array or sampling a texture, you can write good code from the beginning so that no invalid offsets are generated at all and you don't need to waste cpu time (very expensive) to check them
when you have user input on the other hand, you have no idea what kind of values you're gonna get, and you have to appropriately check them before using them
@@mhavock and if that's what you want to know, I use c++ and not rust
This is done in JavaScript too, except it's not reasonable enough to give you an error and just sets all the missing elements to an "undefined" reference, the same thing you get if you access an index outside of the list (which should honestly also be an error).
JS really hates to error out, so it fails silently most of the time.
The transition was perfect.
C is the adult of programming languages - you can do pretty much anything you want, but you're responsible for everything you do. And a huge part of what makes C so powerful is that it *DOESN'T* hold your hand every step of the way; doubly so as you can include inline Assembler and it doesn't even blink because you're working so close to the metal.
with great power comes great responsibility.
*with great power comes great electricity bill.
@@nuelzemudio883 Literally, but great control flow power leads to _lower_ electricity bills. Running performant software makes it feel like it's not even running, while a slow one spends a lot of resources (100x is not atypical) on many other things than actually solving the problem. And slow code is the norm in modern high level languages.
In which system does an int take 1 byte of space in memory? 🤔
char-acteristic systems
One with an 8-bit CPU: the Apple ][, CBM PET, BBC micro, TRS-80, etc.
none
I don't know how many times I've rewatched this and cracked up like it's the first time.
This might have been the best intro that I have seen this year ❤
C has all the power and flexibility of Assembly, with all the maintainability and readability of Assembly.
It's easy to do such checks in C.
1. Use a symbolic name for the array size, not a literal number
2. Check the access vs the array size before attempting to access.... WHEN APPROPRIATE (the array index expression is based on input data and hasn't been validated yet). Internally generated array index values are predictable and shouldn't need to be validated.
= skill issue. This is basic basic stuff.
Guy has a wife and child you know 😂
"No thanks, I want to understand pointers."
C was designed to develop operating systems, which means you deal with all the memory and all the things, however the C standard Library makes it a general purpose language which it is very much bot designed for
Even if you don't like OOP, use C++ instead of C. Put an internal rule in your teamwork to only use C++'s std::array (using .at()), std::shared_ptr, std::string and std::vector (using .at()) and the rest program like C. Just by doing that, you will remove almost every potential memory problem.
input validation has the following benefits:
- reduce stress
- prevent heart disease
- improve sleep quality and overall healthiness
The deadpan response killed me 😂💀
It's unsafe because you don't know what you're getting into. This is why vetting is important.
Although it’s unsafe, it’s the definition of performance aside from the Assembly languages.
I love this intro so much, please just use it at the start of every vid.
bro's hooking technic is awesome
C has a lot of legacy problems (like lacking good built-in bounds checking) but it's still one of the most powerful languages. Hopefully new imperative languages will come to better unite productivity and control flow.
Yes sirrr. That's what C is. Full control and meaning
Funny thing, there was an AI that refused to teach C to minors, because teaching something unsafe to minors is irresponsible. I forget the name of the AI, but it was hilarious and terrifying.
@@rmt3589to be honest that sounds like kind of a responsible option lol
The fine gentleman has set his priorities right.🥂✨
"Why would I do this, why would I just select the xth element like that." This aged like the finest of fine wines. Why indeed.
bruh that “no thank you” had me dying 💀
Bruh me toooo
Man's got his priorities straight.
The offer at the beginning almost made me swipe. Low level coding saved this clip for me
That is so dangerous. I would think the compiler would give a warning at compile.
Dude. Intro is GOLD !!
This was the best intro in the history of intros, forever subbed now
this is so real, i would never do any of those things that he said. i know all of those things of course. but he said it all already.
Truely brilliant opening.
That's actually the beauty of the C , you have control over almost everything.
Not 4096 "bytes" but 4096 "ints"!
A very important distinction
It is unsafe because it will not complain. C treats you like a god.
First: since it's a int, you have 4 * 4096 = 16384 bytes.
Second: you can do that in most languages.
The "No thankyou" everything 🤣🤣