Then things like allowing execution of arbitrary code in images, another case of MS fucking up in a truly astonishing way - how the hell do things like that end up as anything other than SF novel plot points in a large corporation that is supposed to be competantly managed?
Blame C, zero-terminated strings and strcpy(). That you can copy a string into a buffer that can't hold it with no sanity checking is a disaster waiting to happen. Same that you read beyond the buffer waiting forever for a terminating \0 that'll never happen. Because you don't have objects you don't have sanity checks, even with the "safe" versions you have to make sure to pass the same buffer size twice. No doubt there's code like this where you haven't defined the size through a constant:
char *dst[512]; // used to be 1024
strncopy( dst, src, 1024 ):
"High level" programming languages don't let you do that. There's no way to read from a QFile to a QByteArray in Qt/C++ that can cause a buffer overflow. There's no way to read from "beyond the end" of a QByteArray unless you deliberately get the internal pointer and use that directly, all the functions are safe. The C model is that everything is really little boxes in memory that you can store bits and bytes in and the rest is interpretation. You can do stuff like this with no casts or converts:
int a = 5;
char *b = &a;
b = "abcd";
// value of a is now something entirely different
I know there's a very few low-level, high performance scenarios where this may be useful. But I'd say for >95% of developers, >95% of the time it's only an easy way to shoot yourself in the foot.