[OffTopic] A vulnerability postmortem on Network Security Services
user1234
user1234 at 12.de
Thu Dec 2 11:03:41 UTC 2021
On Thursday, 2 December 2021 at 10:58:10 UTC, bauss wrote:
> On Thursday, 2 December 2021 at 08:09:18 UTC, Paulo Pinto wrote:
>> Google's Project Zero goes through a memory corruption exploit
>> on Network Security Services, where despite all static
>> analysers, fuzzers and code reviews, it flew under the radar.
>>
>> https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
>>
>> Hence why @safe matters.
>
> Seems like a bounds-checking error and thus would be caught
> without @safe even.
I was thinking about stronger typing of the union members +
better encapsulation and better way to init the struct (better
than the memcpy).
More information about the Digitalmars-d
mailing list