Alternatively, one can do the same thing that Mozilla does for a few components in Firefox [1]. That is, sandbox C/C++ libraries/components at compilation time so memory-safety bugs will not be able to escape the sandbox. The big plus is that this avoids a code rewrite for the price of slower execution due to extra checks in the generated code.
This is especially applicable for various parsers, which are typically self-contained code that is not performance critical but very prone to bugs with nasty consequences, like the article demonstrated again.
[1] - https://hacks.mozilla.org/2021/12/webassembly-and-back-again...
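A simplified model of the idea in the comment above, as an added example that is not part of the original comment and is not Mozilla's or any real toolchain's generated code: every store a deliberately buggy parser makes goes through a bounds check against the sandbox's own memory, so an overflow traps instead of reaching host data. All names here (`sandbox_t`, `sb_store8`, `parse_record`, `run_sandboxed`) and the sample input are hypothetical and constructed for illustration.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SANDBOX_SIZE 256u /* constructed size of the sandbox's linear memory */

typedef struct {
    uint8_t mem[SANDBOX_SIZE]; /* all memory the sandboxed library can address */
    uint8_t host_secret[8];    /* host data placed directly after it */
    jmp_buf trap;              /* where an out-of-bounds access unwinds to */
} sandbox_t;

void sandbox_init(sandbox_t *sb) {
    memset(sb->mem, 0, sizeof sb->mem);
    memcpy(sb->host_secret, "HOSTDATA", 8);
}

/* The "extra check in the generated code": every store is bounds-checked. */
static void sb_store8(sandbox_t *sb, uint32_t addr, uint8_t v) {
    if (addr >= SANDBOX_SIZE) longjmp(sb->trap, 1);
    sb->mem[addr] = v;
}

/* Deliberately buggy parser: length byte is never checked against the 16-byte buffer. */
static void parse_record(sandbox_t *sb, const uint8_t *in, size_t in_len) {
    uint32_t dst = SANDBOX_SIZE - 16; /* buffer sits at the end of linear memory */
    uint8_t len = in_len ? in[0] : 0;
    for (uint32_t i = 0; i < len && (size_t)i + 1 < in_len; i++)
        sb_store8(sb, dst + i, in[1 + i]);
}

/* Returns 0 if the parser finished, 1 if the sandbox trapped. */
int run_sandboxed(sandbox_t *sb, const uint8_t *in, size_t in_len) {
    if (setjmp(sb->trap)) return 1;
    parse_record(sb, in, in_len);
    return 0;
}
int host_secret_intact(const sandbox_t *sb) {
    return memcmp(sb->host_secret, "HOSTDATA", 8) == 0;
}

int main(void) {
    sandbox_t sb;
    uint8_t bad[33] = {32}; /* constructed: claims 32 bytes, buffer holds 16 */
    memset(bad + 1, 'A', 32);
    sandbox_init(&sb);
    int trapped = run_sandboxed(&sb, bad, sizeof bad);
    printf("trapped=%d host_intact=%d\n", trapped, host_secret_intact(&sb));
}
```

The bug can still corrupt data inside the sandbox, so the host has to treat anything the sandboxed library returns as untrusted.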