For me the biggest annoyance is that Rust doesn’t have a wonderful solution for the most pernicious UAF in browsers: unexpected reentrancy from DOM into malicious JS. I don’t know that there *is* a good solution, really…
-
-
Hm? The problem seems trivial: refcount references from JS to DOM, register all references from DOM to JS in a special GC root.
2 replies 0 retweets 0 likes -
Yeah, so the problem arises when, inside some native DOM implementation, you have a non-reference-counted pointer (reference) that persists across a function call that, unbeknownst to you, can call back into user JS and cause that reference to go dangling.
2 replies 0 retweets 1 like -
Because you skipped counting a reference...
1 reply 0 retweets 0 likes -
Like, for example in C++ the “this” pointer has to be a raw (non-RC’d) pointer. The language is hardwired to that.
2 replies 0 retweets 0 likes -
The raw reference is perfectly safe as long as you know something further up the call stack has a refcounted reference on it. Need to ensure that happens when entering DOM code.
2 replies 0 retweets 0 likes -
Well, not if it’s, say, a reference to the inside of a std::vector that can be resized.
2 replies 0 retweets 0 likes -
Replying to @pcwalton @RichFelker and
(As I recall we’ve had several vulns due to exactly this.)
1 reply 0 retweets 1 like -
Replying to @pcwalton @RichFelker and
It’s an example of why this problem is so annoying: C++ wants you to use std::vector (just like Rust wants you to use Vec) but in a GC’d world you just created a landmine that can easily blow up in your face.
1 reply 0 retweets 0 likes -
What's wrong with the Oilpan approach? (Honest question. I don't understand the limitations of Oilpan as they don't seem to be documented.)
1 reply 0 retweets 0 likes
In particular, I think one aspect of the Oilpan approach is "Don't use `Vec` or `std::vector`; you must use the Oilpan counterpart."
-
-
Same with Servo. That’s the ergonomic tax I was talking about though: I want something automatic that lets you write regular old Rust or C++, not weird-Servo-DOM-flavored Rust. I may not ever get what I want, but it doesn’t stop me from wanting it :)
0 replies 0 retweets 5 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.