It's hard to appreciate how good Rustls is at avoiding UaF since UaF avoidance is taken for granted in idiomatic Rust code. Tiny things like `#[must_use]` are small but help avoid big failures. Our friends doing concurrency & malloc/free in C are still struggling w/ the basics.
Well, not if it’s, say, a reference to the inside of a std::vector that can be resized.
(As I recall we’ve had several vulns due to exactly this.)
It’s an example of why this problem is so annoying: C++ wants you to use std::vector (just like Rust wants you to use Vec) but in a GC’d world you just created a landmine that can easily blow up in your face.
What's wrong with the Oilpan approach? (Honest question. I don't understand the limitations of Oilpan as they don't seem to be documented.)
In particular, I think one aspect of the Oilpan approach is "Don't use `Vec` or `std::vector`; you must use the Oilpan counterpart."
Same with Servo. That’s the ergonomic tax I was talking about though: I want something automatic that lets you write regular old Rust or C++, not weird-Servo-DOM-flavored Rust. I may not ever get what I want, but it doesn’t stop me from wanting it :)
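An added illustration of the landmine discussed above, written for this page and not taken from the thread, Chromium, Rustls or Servo: a reference into a std::vector goes stale the moment the vector reallocates, and the two usual C++ mitigations (reserve() up front, or hold an index instead of a reference). The `Element` type and the function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Hypothetical element type for the demonstration; the thread talks about
// std::vector in general, not about any particular Chromium or Rustls type.
struct Element {
    int value;
};

// Record an element's address as an integer so it can be compared later
// without ever using (or dereferencing) a pointer that may have been freed.
static std::uintptr_t address_of(const Element& e) {
    return reinterpret_cast<std::uintptr_t>(&e);
}

// The landmine: hold a reference to the inside of a std::vector, then let the
// vector grow past its capacity. push_back allocates a new buffer, moves the
// elements across, and frees the old buffer, so the reference now points at
// freed memory. Returns true when the held reference has gone stale.
bool held_reference_goes_stale() {
    std::vector<Element> v;
    v.reserve(1);                 // capacity 1: the second push_back must reallocate
    v.push_back({10});
    Element& held = v[0];         // "a reference to the inside of a std::vector"
    std::uintptr_t before = address_of(held);
    v.push_back({20});            // capacity exceeded: old buffer is freed
    // Reading held.value here would be the use-after-free. Compare addresses instead.
    std::uintptr_t after = address_of(v[0]);
    return before != after;       // true: v[0] now lives in a different buffer
}

// Mitigation 1: reserve() enough capacity up front. Until size() would exceed
// the reserved capacity, push_back does not reallocate and references stay
// valid. Returns true when the held reference still names the same element.
bool reserve_keeps_reference_valid() {
    std::vector<Element> v;
    v.reserve(2);
    v.push_back({10});
    Element& held = v[0];
    v.push_back({20});            // within capacity: no reallocation
    return address_of(held) == address_of(v[0]) && held.value == 10;
}

// Mitigation 2: hold an index, not a reference, and look the element up again
// after any operation that may grow the vector.
int sum_using_index_across_growth() {
    std::vector<Element> v;
    v.push_back({10});
    std::size_t idx = 0;          // an index survives reallocation
    for (int i = 0; i < 100; ++i) // force several reallocations
        v.push_back({1});
    return v[idx].value + static_cast<int>(v.size());   // 10 + 101 = 111
}

int main() {
    std::cout << std::boolalpha
              << "held reference stale after growth: " << held_reference_goes_stale() << '\n'
              << "reference valid with reserve():    " << reserve_keeps_reference_valid() << '\n'
              << "index-based sum:                   " << sum_using_index_across_growth() << '\n';
}
```

The first function is the pattern the thread is complaining about; note that reserve() only helps while the size stays within the reserved capacity, so it is a contract the caller must maintain, not a guarantee. The equivalent Rust (taking `&v[0]` and then calling `v.push(...)` while that borrow is still live) is rejected by the borrow checker at compile time, which is the "taken for granted" UaF avoidance the first post refers to.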
End of conversation
New conversation
Then it doesn't meaningfully have a refcounted reference on it. An actually-refcounted object cannot be freed (including moved) until its reference count reaches 0.
I suspect the real problem here is people redefining terms like refcounting to mean something much weaker because it (1) performs better, and (2) fits with the language idioms they want to use, which are incompatible with real refcounting.
End of conversation