WebAssembly lets applications write/read to NULL. Even if, by design, WASM prevents whole classes of vulnerabilities, that sounds like a regression over what all modern operating systems do, which has proven to prevent many bugs and exploitable vulnerabilities.
Yes. Sure, the C standard allows (void*)0 to represent a different address, but in practice no compiler ever did that, and that would break quite a lot of code.
-
-
What kind of vulnerabilities would it lead to, it data was read or written to address 0? A NULL check seems to compile to a check on the const 0 with Emscripten for example
-
Uninitialized pointers.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.