> At this point, we were questioning our decision-making process more thoroughly, and immediately tried reproducing with the same version on a Linux build. I think you, the reader, can imagine how we felt when the issue also reproduced locally with an ASAN Linux build…<p>This was my <i>very first thought</i> when I read that it occurred on Android, so I know it had to be someone’s first thought working on this. Very unfortunate, but I’m pretty sure we’ve all been there, with a gut feeling we either ignored or outright doubted that could’ve potentially saved months at minimal risk.
> C-style programming in C++ is also a bad sign; the IOBuffer design pattern with separate storage of buffers and their sizes is inherently dangerous.<p>This is the main takeaway. Even when writing C, just prefer safe libraries to default strings and arrays, when possible.<p>By the way, MSR is hiring for Checked C.
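The hazard the comment above points at, a pointer whose size is tracked in a separate variable that can go stale, is easy to show in a few lines of C. The block below is an added, generic illustration, not Chromium's IOBuffer and not code from the linked Project Zero post; the type `bounded_buf`, the functions `bb_*`, `unchecked_write_at` and `demo_stale_size`, and the shrink-after-copy scenario are all hypothetical. The checked API keeps the length and capacity inside the struct and validates every write, including the `off + n` wraparound case, so a caller holding an out-of-date size gets a refusal instead of a heap overflow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical illustration (not Chromium's IOBuffer): the buffer's length
 * and capacity travel with the pointer in one struct, so no caller can hand
 * a stale or mismatched size to a write routine. */
typedef struct {
    uint8_t *data;
    size_t   len;   /* bytes currently valid */
    size_t   cap;   /* bytes allocated */
} bounded_buf;

bool bb_init(bounded_buf *b, size_t cap) {
    b->data = cap ? calloc(cap, 1) : NULL;
    b->len = 0;
    b->cap = cap;
    return cap == 0 || b->data != NULL;
}

void bb_free(bounded_buf *b) {
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

/* Grow or shrink; cap and len are updated in exactly one place. */
bool bb_resize(bounded_buf *b, size_t new_cap) {
    uint8_t *p = realloc(b->data, new_cap ? new_cap : 1);
    if (!p) return false;
    b->data = p;
    b->cap = new_cap;
    if (b->len > new_cap) b->len = new_cap;
    return true;
}

/* Write n bytes at offset off. Refuses arithmetic wraparound and any
 * write that would run past the allocation. */
bool bb_write_at(bounded_buf *b, size_t off, const void *src, size_t n) {
    if (n > SIZE_MAX - off) return false;   /* off + n would wrap */
    if (off + n > b->cap)   return false;   /* would overrun the allocation */
    memcpy(b->data + off, src, n);
    if (off + n > b->len) b->len = off + n;
    return true;
}

/* The C-style shape the comment warns about: the size lives in a separate
 * variable and this helper trusts whatever the caller passes. It is shown
 * for contrast and deliberately never called with a stale size below. */
void unchecked_write_at(uint8_t *data, size_t off, const void *src, size_t n) {
    memcpy(data + off, src, n);   /* no bounds check: caller's size is law */
}

/* Scenario (constructed): a caller copies the capacity into a local, the
 * buffer is later shrunk, and the caller keeps using the old number.
 * Returns how many writes the bounded API rejected. */
int demo_stale_size(void) {
    bounded_buf b;
    if (!bb_init(&b, 64)) return -1;

    size_t stale_cap = b.cap;        /* separate copy of the size, C-style */
    uint8_t payload[16];
    memset(payload, 'A', sizeof payload);
    int rejected = 0;

    if (!bb_write_at(&b, 48, payload, 16)) rejected++;     /* fits: 48 + 16 == 64 */
    if (!bb_resize(&b, 32)) { bb_free(&b); return -1; }    /* shrink; stale_cap is now wrong */

    /* unchecked_write_at(b.data, stale_cap - 16, payload, 16) would write
     * bytes 48..63 of a 32-byte allocation: the heap overflow ASAN reports. */
    if (!bb_write_at(&b, stale_cap - 16, payload, 16)) rejected++;   /* refused */
    if (!bb_write_at(&b, SIZE_MAX - 8, payload, 16)) rejected++;     /* wraparound refused */
    if (!bb_write_at(&b, 16, payload, 16)) rejected++;               /* fits: 16 + 16 == 32 */

    bb_free(&b);
    return rejected;   /* 2 */
}
```

The point is not the particular struct but where the size lives: when the length is a field of the object that owns the pointer and every mutation goes through functions that update both together, a stale copy cannot exist, and a bounds check at the write site costs one comparison.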
I don't really understand this level of memory manipulation and exploit construction very well right now. But I notice that the usual Rust advocates are big on boosting how the language restrictions and constructs block these sorts of things. Can anybody comment on how many of the steps they used could actually be prevented by using Rust for this module?
The Google Project Zero website is the ONLY website that frequently gets featured on HN that I cannot read on my iPhone. Safari, Firefox and Edge all render the page with horizontal scrollbars. I can use two-finger zoom in and then a third finger to move the content around. At that point I cannot see the screen for my fingers and have problems holding my phone in my hands.<p>Do they have a bounty program for HTML where one can submit a fix? /s<p>This is not a new issue. It has been like that for a long time.