Programmer Humor

32031 readers

1624 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

cat_programmer@lemmy.ml

149

Proc macro sandboxing (lemmy.ml)

submitted 1 year ago by Victim_0@lemmy.ml to c/programmerhumor@lemmy.ml

24 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] PlexSheep@feddit.de 1 points 1 year ago

Analyzing without running might lead to bad situations, in which code behaves differently on runtime vs what the compiler / rust-analyzer might expect.

Imagine a malicious dependency. You add the thing with cargo, and the rust analyzer picks it up. The malicious code was carefully crafted to stay undetected, especially in static code analysis. The rust analyzer would think that the code does different things than it actually will. Could potentially lead to problematic behavior, idk.

Not sure how realistic that scenario is, or how exploitable.