20:15 Hi! Infosec people here: if you use
printf(s)
You're passing s as the format string parameter. The function uses the format string to interpret *raw bytes on the stack* as types of data to be formatted, and one format specifier in particular, %n, will actually write the number of characters printed so far to a variable on the stack. If you allow arbitrary user input as a format string parameter, that user input can print some garbage and then *write the printed length to the return address,* jumping to (nearly) arbitrary memory addresses.
Damn, I should try to do that!
on termux %n doesn't work
wheeeeeeeeee
This %n can be used together with a buffer overflow and an index x, like this `%x$n`, to write arbitrary data to any arbitrary address(es?). This is a common challenge in pwn CTF challenges.
sounds good
sounds gud
sounds gucci
sounds a-tamagutchi
a-letsa-go
Compile mutha flippa!
*dabs*
can your $insert_noun_here do that?
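As an added worked example (not code from the stream, from raylib, or from the commenters above), the C below shows in one file what the two comments describe: what `%n` actually stores with a trusted literal format, the positional `%k$n` form mentioned in the reply, a sink that uses caller bytes as the format next to its one-line fix, and a small audit helper that flags strings carrying conversion directives. All function names, the buffer sizes and the "attacker" input string are mine and constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* 1. What %n does, shown with a TRUSTED literal format: the int* argument
 *    receives the number of bytes emitted before the %n was reached. */
int percent_n_count(void) {
    int written = -1;
    char out[32];
    snprintf(out, sizeof out, "AAAA%n", &written);
    return written;                             /* 4 */
}

/* 2. The positional form "%k$n" from the reply above: argument k receives the
 *    count. With numbered arguments every leading argument must be referenced
 *    too, so %1$n is consumed first. Returns first*10 + second for checking. */
int percent_n_positional(void) {
    int first = -1, second = -1;
    char out[32];
    snprintf(out, sizeof out, "AAAA%1$n BB%2$n", &first, &second);
    return first * 10 + second;                 /* 4 and 7 -> 47 */
}

/* 3. The vulnerable sink: the caller's bytes ARE the format. %x/%p read
 *    whatever variadic slots the ABI would have used; %n writes through one.
 *    The pragma only silences the warning GCC/Clang would otherwise raise. */
#if defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
#endif
int log_vulnerable(char *buf, size_t n, const char *untrusted) {
    return snprintf(buf, n, untrusted);         /* format string == attacker data */
}
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

/* 4. The fix: the format is a literal and the untrusted text is only ever a
 *    %s argument, so it is copied byte for byte and never interpreted. */
int log_fixed(char *buf, size_t n, const char *untrusted) {
    return snprintf(buf, n, "%s", untrusted);
}

/* Helper: does the fixed sink reproduce its input verbatim? */
int fixed_sink_preserves(const char *s) {
    char out[64];
    log_fixed(out, sizeof out, s);
    return strcmp(out, s) == 0;
}

/* 5. Audit helper: does the string carry any conversion other than the
 *    escaped "%%"? Handy when triaging what reaches a format-string sink. */
int has_format_directive(const char *s) {
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }     /* "%%" is a literal percent */
        return 1;
    }
    return 0;
}

int main(void) {
    char out[64];
    const char *evil = "%x %x %x %n";           /* constructed attacker input */
    printf("%%n count: %d, positional: %d\n", percent_n_count(), percent_n_positional());
    printf("directive in \"%s\": %d\n", evil, has_format_directive(evil));
    log_fixed(out, sizeof out, evil);
    printf("fixed sink echoes: %s\n", out);
    log_vulnerable(out, sizeof out, "plain text");   /* defined only because there is no '%' */
    printf("vulnerable sink, benign input: %s\n", out);
    return 0;
}
```

Two practical notes: `log_vulnerable` is deliberately never called with `evil`, because reading or writing variadic slots that were never passed is undefined behaviour, not a demonstration. And the compiler flag the pragma suppresses (`-Wformat-security`) is exactly the check to keep enabled in a real build; glibc's `_FORTIFY_SOURCE=2` additionally aborts at runtime when a `%n` shows up in a format string that lives in writable memory.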
For someone who is interested in grasping a lower level understanding of the stack, your channel is a gold mine.
What I love about the philosophical question is how it highlights so many interesting points.
Firstly, something I noticed that I am seeing more and more is how header files really are just interfaces, and that the underlying implementation is the platform specific code and never had to be C specifically. This is so brilliant because you could implement any C interface in any language that can go through some unified assembly.
Then with the GLFW duplication, we really see how the browser is a sandbox and something like Emscripten is a sandbox, and since you're going with a sandbox on top of a sandbox, you need the same abstraction. While just going browser native (which is JavaScript) you can skip the second sandbox.
Furthermore this approach also highlights how we should maybe break up the C standard library into more unified single header files (à la STB) so that it's even more portable. Maybe even something like the D language modules combined with native JavaScript becomes super interesting for file size.
Man, this little idea is SO COOL!
Im loving the thumbnails ❤
This channel is so underrated. I tell everyone I know about him. Time to bring back the good old days of people truly understanding the code they write.
fun fact: You can do type punning in javascript with typedarrays
thats childs play, you can multiply a Class with a function in javascript to get a string 😏
I wonder how this whole thing would look if you tried to move the cut line one layer down (to the platform thing in your drawing), and maybe have a WEB_CANVAS platform or a WEB_GPU platform. But maybe the issue is that the platform layer in raylib depends on too much stuff you would then need to implement.
nice thumbnail! definitely pulled me 😂
Sir, you are a great wizard!
Honestly your channel is just one big tutorial on refactoring
Filled 'em
rect 'um
I don't like moving the font logic into the abstract game engine, since it will not know about all platform capabilities (like, why not use the browser's text alignment, which might be aware of micro-kerning?).
I'm interested to know how much Tsoding cares about reverse engineering programs.
@Tsoding building a process sandbox from scratch.. sounds like a cool idea 💡?😊
const char *s is not a pointer to a string per se, it is rather a pointer to unsigned bytes in memory. With "%s" you instruct printf() how to treat those bytes. It will print them out one byte after the other as ASCII characters until it reaches a zero termination byte.
1:00:18 btw Rust has `unreachable` (it was also added in C23). It basically tells the compiler this branch is never reached, and the compiler can make optimizations based on that. For example:

#include <stddef.h>   /* C23: unreachable() is declared here */

void foo(int *ptr) {
    if (ptr == NULL)
        unreachable();   /* promise to the compiler: ptr is never NULL here */
    /* rest of function */
}
Why add a branch condition that will never be reached?
you're basically telling the compiler to induce undefined behavior in the case of it happening, for optimization purposes, I think
like, formally it should never happen, but in practice it might
Btw Zig has had the unreachable keyword since long before Rust and C introduced theirs. The goal is to tell the compiler in release mode: "remove this check, as I am already sure this code cannot be reached, and I am fine with undefined behaviour happening if this branch gets executed".
@@origamitraveler7425 yup that's exactly it.
Nice
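As an added example (not code from the stream or from any of the commenters), this C file shows the debug/release split the replies above are describing: the same macro is a real, loud check when `NDEBUG` is not defined and becomes a pure optimisation hint when it is. The `UNREACHABLE` macro name, the `Op` enum and both functions are mine; the fallback chain uses C23's `unreachable()` where available and GCC/Clang's `__builtin_unreachable()` otherwise.

```c
#include <assert.h>
#include <stddef.h>

/* Debug/release split, as described in the thread above:
 *   - without NDEBUG the "impossible" branch aborts loudly (a real check);
 *   - with NDEBUG it becomes a pure optimisation hint and the check is gone.
 * C23 names the hint unreachable() in <stddef.h>; GCC/Clang have had
 * __builtin_unreachable() for years; anything else gets a harmless no-op. */
#if !defined(NDEBUG)
#  define UNREACHABLE() assert(0 && "unreachable code was reached")
#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 202311L
#  define UNREACHABLE() unreachable()
#elif defined(__GNUC__)
#  define UNREACHABLE() __builtin_unreachable()
#else
#  define UNREACHABLE() ((void)0)
#endif

typedef enum { OP_ADD, OP_SUB, OP_MUL } Op;

/* Every enumerator is handled, so falling out of the switch is "impossible";
 * the hint lets the compiler drop the trailing return entirely in release. */
int apply(Op op, int a, int b) {
    switch (op) {
    case OP_ADD: return a + b;
    case OP_SUB: return a - b;
    case OP_MUL: return a * b;
    }
    UNREACHABLE();
    return 0;   /* only exists for the portable no-op fallback */
}

/* The pattern from the comment above. In a release build this function has
 * NO null check at all, so only use it where the caller guarantees ptr,
 * never on data an attacker controls. */
int deref_nonnull(const int *ptr) {
    if (ptr == NULL)
        UNREACHABLE();
    return *ptr;
}

int main(void) {
    int seven = 7;
    return apply(OP_SUB, deref_nonnull(&seven), 7);   /* exit status 0 */
}
```

The security caveat is the release half: an `unreachable()` on a condition that untrusted input can actually trigger is not a check, it is a licence for the compiler to remove the check, so it belongs only behind invariants the program itself establishes.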
Oh ok, the thumbnail made me think you've written a C compiler in javascript
Where is the discord announcement? Sad 😔
About type punning: I don't know C, but shouldn't your color type be a union? Then you can treat it as both a struct and a u32 and explicitly indicate this.
nice
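As an added example (not code from the stream or from raylib), this C file compares the union the comment asks about with the other well-defined way of punning, `memcpy`, and shows the trap both share: the resulting integer depends on host byte order, so anything that leaves the process (a canvas pixel buffer, a file, a socket) should be packed explicitly. The `Color` layout (r, g, b, a as four bytes) is assumed to match the stream's struct; the `ColorBits` union and all function names are mine.

```c
#include <stdint.h>
#include <string.h>

/* raylib-style colour: four bytes, assumed layout r, g, b, a (no padding). */
typedef struct { uint8_t r, g, b, a; } Color;

/* The union the comment asks about: one 4-byte object with two views.
 * Reading the member that was not last written is allowed in C (the bytes
 * are reinterpreted); in C++ it is undefined, so use the memcpy form there. */
typedef union { Color c; uint32_t u; } ColorBits;

uint32_t color_to_u32_union(Color c) {
    ColorBits bits;
    bits.c = c;
    return bits.u;
}

/* memcpy punning: defined in both C and C++; compilers fold it to a register move.
 * What NOT to do is *(uint32_t *)&c, which violates strict aliasing and can be
 * miscompiled; it is deliberately not shown as code. */
uint32_t color_to_u32_memcpy(Color c) {
    uint32_t u;
    memcpy(&u, &c, sizeof u);
    return u;
}

int host_is_little_endian(void) {
    uint16_t probe = 1;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Both punning forms expose host byte order: on little-endian hosts the red
 * channel is the LOW byte of the integer. When the value crosses a boundary
 * (a JS canvas buffer, a file, the wire) pack explicitly instead. */
uint32_t color_pack_rgba(Color c) {
    return (uint32_t)c.r << 24 | (uint32_t)c.g << 16 | (uint32_t)c.b << 8 | (uint32_t)c.a;
}

Color color_unpack_rgba(uint32_t v) {
    Color c = { (uint8_t)(v >> 24), (uint8_t)(v >> 16), (uint8_t)(v >> 8), (uint8_t)v };
    return c;
}

int main(void) {
    Color c = { 0x11, 0x22, 0x33, 0x44 };          /* constructed sample colour */
    uint32_t a = color_to_u32_union(c);
    uint32_t b = color_to_u32_memcpy(c);
    uint32_t p = color_pack_rgba(c);
    /* a == b always; a == 0x44332211 on little-endian hosts; p == 0x11223344 everywhere */
    return (a == b && p == 0x11223344u) ? 0 : 1;
}
```

On the JavaScript side the same concern shows up as the difference between writing a `Uint8ClampedArray` byte by byte (always R, G, B, A order for canvas `ImageData`) and writing a `Uint32Array` view over the same buffer, which follows the machine's endianness just like the union does.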
24:50 They also didn't know about how basic memory handling works so they invented "a memory safe language". The result is a complainer (like them), not a compiler.
Tsoding is a proud romanian.
Why not make a C program that transpiles raylib to js automatically?
Because that's magnitudes harder than just doing it by hand
or a js program that just transpiles c to javascript. then we can just transpile linux to ms-edge
Susha moment
13:40 .. ohh man .. here I am for your merit in C code, emacs magic, approach and explanation. If I want to see someone read or nearly scream way waaay too much chat with a loud clown voice - like those hyper hotel kindergarten entertainers - I would watch thePrimeagen. Irony aside if there is a slight hint of pressure to perform like a class clown, please don't feel pressured, there will be viewers that appreciate your work more than pulling up chat every 200-400 seconds - like a bad advertisement reel that is unskippable - with the streamer nearly peaking the mic every 10-30 seconds throughout the 1-4 Minute "chat interaction".
lol includes a library to downcase a letter instead of subtracting 26? love your videos, btw
I think a lot of newer developers don't bother to study history or any tech that they consider "outdated", so of course they won't know of type punning. The sad thing is that it also makes them inferior developers who continuously reinvent the wheel. That's a thin needle to thread, especially given that creating a new programming language is often viewed as reinventing the wheel even when it's not, but the most obvious example I can think of is when a solution has to be reverse engineered for a problem that has already been solved by another language. If you just copy their solution and then move on from that point, then great, but it's when a programmer doesn't know the solution already exists that causes problems. As a corollary to that problem, you also have developers that don't keep up to date with their skills and try to solve problems in a new way when a better way exists in another language. Consider every developer that tells me C doesn't do this or that and then says their language of choice solves that issue that was already solved in an earlier C standard, sometimes C99, oftentimes C11, but the most ridiculous is when it involves C++ and they've never even heard of Boost, never mind what the committee has been doing in the past 25 years.
Is it the fault of new developers when there is just so much to learn? It's impossible to know what you need to know to become a good developer without being a good developer, so there's that :)) People go to what brings them money; if they didn't do it since childhood and play with the pieces for so long that they know the lower-level stuff, it's really difficult for someone just starting out.
@@TheMelopeus Consider every new language developed in the past decade and a half. Most implementers don't study other languages, even the ones they claim they want to replace, then they end up coming up with an awful solution that was already solved in the language they're attempting to replace and much more eloquently than their new attempt at the problem. Only makes it worse when they claim that language X doesn't do what their fancy new language Y does even when it could already do it for a decade.
If a language designer doesn't study history then they'll be doomed to reinvent the wheel and make it square because they like squares more and have to learn what those who came before them learned that a round wheel works better.
1:39:33 rand2 :)
This is Tsoding, of course he's Russian. The dude is a beast!
“newer generation reinventing their own wheels” you mean like what you’re doing here and every other video? 😂
Hi Tsoding, I would appreciate it if you could make a video on problem solving on Codeforces. It would help a lot, thank you...
Sounds pretty boring
WHAT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!, I want to say to tsoding to calm down if you saw that comment
@@matthewchampagne9621 nah, solving problems is required in this present time bruh
j ass
FINALLY EARLY TO THE VID!!! (First btw)
Looks like three beat you to it.
Nice