e.g. let mut x: Either<&str, usize> = Either::Left(“foo”); if let Either::Left(ref string) = x { x = Either::Right(0xbad); println!("{}", string); // UB }
-
-
Show this thread
-
In other words, you need a solution for Dan Grossman’s “Existential Types for Imperative Languages” problem. The nice thing about borrow checking is that it deals with both this problem and UAF (which ends up just being a subset of this issue).
Show this thread
End of conversation
New conversation -
-
-
A uaf breaks the program's assumptions about aliasing- plenty of room for exploitation w/o type confusion, too e.g. iterating over a Vec in a heap'd structure, free during iteration. Reallocate heap'd structure somewhere else, and you almost have classic iterator invalidation!
-
heap segmentation can be a useful mitigation, but just like every other mitigation it's not a solution to memory safety and can't be treated as one
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.