It's hard to appreciate how good Rustls is at avoiding UaF since UaF avoidance is taken for granted in idiomatic Rust code. Tiny things like `#[must_use]` are small but help avoid big failures. Our friends doing concurrency & malloc/free in C are still struggling w/ the basics.
Hm? The problem seems trivial: refcount references from JS to DOM, register all references from DOM to JS in a special GC root.
Yeah, so the problem arises when, inside some native DOM implementation, you have a non-reference-counted pointer (reference) that persists across a function call that, unbeknownst to you, can call back into user JS and cause that reference to go dangling.
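The pattern described in the reply above, as an added example that is not part of the thread or of any real DOM engine: a toy refcounted node tree in C++, a "script callback" standing in for user JS that runs re-entrantly inside a native operation, and the vulnerable native function beside its hardened form. All names here (`Node`, `RefPtr`, `g_live`, `ProcessFirstChild*`, `RemovingScript`) are made up for the example; `g_live` is a liveness registry so the dangling pointer can be observed without dereferencing freed memory.

```cpp
// Added example (not from the thread): a raw DOM pointer held across a
// callback that re-enters "JS", and the strong-reference fix.
#include <cstdio>
#include <functional>
#include <set>
#include <vector>

// Liveness oracle (assumed for the demo): lets us check whether a pointer
// still refers to a live node without touching freed memory.
static std::set<const void*> g_live;

struct Node {
    int refcnt = 0;               // all ownership goes through AddRef/Release
    Node* parent = nullptr;       // weak back-pointer
    std::vector<Node*> children;  // each entry holds one strong reference

    Node() { g_live.insert(this); }
    ~Node() {
        g_live.erase(this);
        for (Node* c : children) c->Release();
    }
    void AddRef() { ++refcnt; }
    void Release() { if (--refcnt == 0) delete this; }

    void AppendChild(Node* c) { c->AddRef(); c->parent = this; children.push_back(c); }
    void RemoveChild(Node* c) {
        for (auto it = children.begin(); it != children.end(); ++it) {
            if (*it == c) { children.erase(it); c->parent = nullptr; c->Release(); return; }
        }
    }
};

// Minimal RAII strong reference; the hardened path relies on it.
class RefPtr {
public:
    explicit RefPtr(Node* n) : n_(n) { if (n_) n_->AddRef(); }
    ~RefPtr() { if (n_) n_->Release(); }
    RefPtr(const RefPtr&) = delete;
    RefPtr& operator=(const RefPtr&) = delete;
    Node* get() const { return n_; }
private:
    Node* n_;
};

// Stand-in for "dispatch an event": arbitrary script runs here and may
// mutate the tree, including detaching the very node being processed.
using ScriptCallback = std::function<void(Node* target)>;

// Vulnerable: a raw, non-owning pointer survives across the callback. If
// script removes the child, the parent's reference (the only one) is dropped,
// the child is freed, and `child` dangles. Returns whether it is still live.
bool ProcessFirstChildUnsafe(Node* parent, const ScriptCallback& script) {
    Node* child = parent->children.front();
    script(child);                          // re-enters "JS"
    return g_live.count(child) != 0;        // false => any later use is a UaF
}

// Hardened: hold a strong reference for the duration of the call, so the
// node outlives whatever script does to the tree.
bool ProcessFirstChildSafe(Node* parent, const ScriptCallback& script) {
    RefPtr child(parent->children.front());
    script(child.get());
    return g_live.count(child.get()) != 0;  // always true while `child` is in scope
}

// Constructed script handler: detaches its target from the parent.
static void RemovingScript(Node* target) {
    if (target->parent) target->parent->RemoveChild(target);
}

// Builds root -> child, runs one of the two handlers, reports survival.
bool RunScenario(bool hardened) {
    RefPtr root(new Node);
    root.get()->AppendChild(new Node);
    return hardened ? ProcessFirstChildSafe(root.get(), RemovingScript)
                    : ProcessFirstChildUnsafe(root.get(), RemovingScript);
}

int main() {
    std::printf("unsafe handler: child live after callback = %d\n", RunScenario(false));
    std::printf("safe handler:   child live after callback = %d\n", RunScenario(true));
    std::printf("leaked nodes: %zu\n", g_live.size());
    return 0;
}
```

The fix is only a strong reference scoped to the call; the hard part in a real engine is knowing which calls can re-enter script in the first place, which is exactly what the static rooting analyses mentioned later in the thread exist to flag.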
The fundamental problem is seamless interoperability between the ownership world (C, C++, Rust…) and the shared-everything world (DOM, JS, COM…). Hard problem, and I haven’t seen a safe, usable, and ergonomic solution yet.
Me too, from an elegance point of view. Still, there has to be a boundary between DOM and native *somewhere*, even if only at windowing layer.
Why are those specifically pernicious? Most UAFs are exploitable.
I mean, Servo's GC solution is *okay*. It doesn't have the reentrancy problem, but it's not 100% Rust-sound either and you can cause bugs. The Josephine model may help here.
Though I guess Firefox has a rooting analysis too