upvote

points

by staticassertion7 hours ago |
comments
upvoteby masklinn6 hours ago|
next
[-]
> Things like sanitizers largely rely on test coverage.

And not in a trivial “this line is traversed” way, you need to actually trigger the error condition at runtime for a sanitizer to see anything. Which is why I always shake my head at claims that go has “amazing thread safety” because it has the race detector (aka tsan). That’s the opposite of thread safety. It is, if anything, an admission to a lack of it.

reply
upvoteby josefx5 hours ago|
prev|
[-]
I heard they once created an entire language that would replace C++ in all their projects. Obviously they never rewrote Chrome in Go.

> 10s of billions are spent to try to get Chromium to not have these vulnerabilities, using those tools. And here we are.

Shouldn't pages run in isolated and sandboxed processes anyway? If that exploit gets you anywhere it would be a failure of multiple layers.

reply
upvoteby stackghost5 hours ago|
parent|
next
[-]
They do run in a sandbox, and this exploit gives the attacker RCE inside the sandbox. It is not in and of itself a sandbox escape.

However if you have arbitrary code execution then you can groom the heap with malloc/new to create the layout for a heap overflow->ret2libc or something similar

reply
upvoteby StilesCrisis2 hours ago|
parent|
prev|
[-]
I don't think Go was ever planned to completely overtake C++. It is still a garbage collected language at the end of the day.
reply