WebAssembly lets applications write/read to NULL. Even if, by design, WASM prevents whole classes of vulnerabilities, that sounds like a regression over what all modern operating systems do, which has proven to prevent many bugs and exploitable vulnerabilities.
Crashes on NULL pointer derefs are extremely useful, even in high-level languages such as Go. Now, these become silent, with unpredictable side effects.
-
So if NULL was (i32.const -1) in WASM, that would cause an out-of-bounds trap. Wouldn't that yield the same behaviour?
-
It would probably restore that behavior. But now, (uintptr_t)0 != (void *) 0. You can’t initialize a pointer array with calloc() or memset(0) any more. This is going to break things.
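The trade-off discussed in this thread, as an added example that is not part of the original posts: a small C simulation of a bounds-checked linear memory (not a real WebAssembly runtime). The names `mem`, `store32`, `load32` and `null_slots_after_zero_fill` are hypothetical, and a single 64 KiB page is assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE    65536u       /* assumption: one 64 KiB linear-memory page */
#define NULL_ZERO   0u           /* conventional null: a valid offset in linear memory */
#define NULL_MINUS1 0xFFFFFFFFu  /* the (i32.const -1) null proposed in the reply */

static uint8_t mem[MEM_SIZE];    /* simulated linear memory */

/* Bounds-checked 32-bit store; returns false where a real engine would trap. */
static bool store32(uint32_t addr, uint32_t value) {
    if ((uint64_t)addr + 4 > MEM_SIZE) return false;
    memcpy(&mem[addr], &value, 4);
    return true;
}

/* Bounds-checked 32-bit load; returns false where a real engine would trap. */
static bool load32(uint32_t addr, uint32_t *out) {
    if ((uint64_t)addr + 4 > MEM_SIZE) return false;
    memcpy(out, &mem[addr], 4);
    return true;
}

/* Zero-fill a table of n 32-bit pointers (what calloc()/memset(0) does),
 * then count how many slots compare equal to the chosen null value. */
static unsigned null_slots_after_zero_fill(uint32_t table, unsigned n,
                                           uint32_t null_value) {
    unsigned count = 0;
    memset(&mem[table], 0, (size_t)n * 4);
    for (unsigned i = 0; i < n; i++) {
        uint32_t p;
        if (load32(table + 4 * i, &p) && p == null_value) count++;
    }
    return count;
}

int main(void) {
    printf("store through null = 0:  %s\n",
           store32(NULL_ZERO, 0xdeadbeefu) ? "succeeds silently" : "traps");
    printf("store through null = -1: %s\n",
           store32(NULL_MINUS1, 0xdeadbeefu) ? "succeeds silently" : "traps");
    printf("zero-filled slots equal to null = 0:  %u of 8\n",
           null_slots_after_zero_fill(1024, 8, NULL_ZERO));
    printf("zero-filled slots equal to null = -1: %u of 8\n",
           null_slots_after_zero_fill(1024, 8, NULL_MINUS1));
    return 0;
}
```
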