MS and anyone else that jumped on the C ship long time ago.
These issues have been preached by us with experience in strong memory systems programming languages, e.g. Modula-2, Modula-3, Oberon, Ada, Pascal dialects...
But the industry needs to be exploited every day, spend huge pile of money in memory integer validation tools, the workarounds you mention (other compiler vendors do it as well) and still keep on fixing memory corruption exploits. To eventually start caring about this issues.
A visible side effect is the increase in Ada presence at FOSDEM in the last years, as well as, the industry acceptance of SPARK.
Back in the day I went to C++ from Turbo Pascal, because at least the language provided the tools to write safe code, if (big if) I cared to use them. So there was a path to achieve Algol type of safety.
The big issue is that due to its almost copy-paste compatibility with C, the added safety is not worth nothing if developers just keep on coding C with a C++ compiler.
Rust might eventually also suffer from this, given the amount of unsafe being used, I keep on seeing in code examples.
These issues have been preached by us with experience in strong memory systems programming languages, e.g. Modula-2, Modula-3, Oberon, Ada, Pascal dialects...
But the industry needs to be exploited every day, spend huge pile of money in memory integer validation tools, the workarounds you mention (other compiler vendors do it as well) and still keep on fixing memory corruption exploits. To eventually start caring about this issues.
A visible side effect is the increase in Ada presence at FOSDEM in the last years, as well as, the industry acceptance of SPARK.
Back in the day I went to C++ from Turbo Pascal, because at least the language provided the tools to write safe code, if (big if) I cared to use them. So there was a path to achieve Algol type of safety.
The big issue is that due to its almost copy-paste compatibility with C, the added safety is not worth nothing if developers just keep on coding C with a C++ compiler.
Rust might eventually also suffer from this, given the amount of unsafe being used, I keep on seeing in code examples.