
qwertyoruiopz already found a use-after-free bug: https://twitter.com/qwertyoruiopz/status/1149424025111801858



There are other bugs, too, like:

    th = js_mallocz(ctx, sizeof(*th));
    th->has_object = TRUE;   /* dereferences th before the allocation is checked */
    if (!th) {
        JS_FreeValue(ctx, obj);
        return JS_EXCEPTION;
    }
But hey, that's gonna get ironed out. :)
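As an added illustration (not code from this thread or from the engine being discussed), the posted ordering beside the corrected one, with a stand-in allocator that can be made to fail so the error path is actually exercised; `js_mallocz_stub`, the `JSOSTimer` fields and the `obj_freed` flag are assumptions made for the example.

```c
#include <stdlib.h>

/* Constructed stand-in for js_mallocz: returns NULL once when asked to. */
static int fail_next_alloc = 0;

static void *js_mallocz_stub(size_t size) {
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    return calloc(1, size);
}

/* Minimal stand-in for the timer struct being allocated. */
typedef struct {
    int has_object;
} JSOSTimer;

/* Ordering as posted: the field is written before the NULL test, so an
 * allocation failure dereferences a NULL pointer instead of reaching the
 * cleanup branch. Returns 0 on success, -1 on failure. */
static int create_timer_buggy(JSOSTimer **out) {
    JSOSTimer *th = js_mallocz_stub(sizeof(*th));
    th->has_object = 1;          /* NULL dereference when the allocation failed */
    if (!th)
        return -1;
    *out = th;
    return 0;
}

/* Corrected ordering: check the allocation before touching it, and release
 * the held object (obj_freed stands in for JS_FreeValue(ctx, obj)) on failure. */
static int create_timer_fixed(JSOSTimer **out, int *obj_freed) {
    JSOSTimer *th = js_mallocz_stub(sizeof(*th));
    if (!th) {
        *obj_freed = 1;
        return -1;
    }
    th->has_object = 1;
    *out = th;
    return 0;
}
```

With fail_next_alloc set, only create_timer_fixed survives the failed allocation and reports the error; the buggy variant crashes on the field write.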


This is still an important reminder that literally nobody in the world can write C code without memory issues.

Even if the developer is a genius and the project isn't that big.


This one is probably easily catchable even by static code analysis, though.

I suspect this is the result of th->has_object being added later than the surrounding code. I don't think someone would write this code on the first attempt with this bug. It's too obvious.

If the code repo ever becomes available, I'll check my theory out. :D


I'd be curious to see the total number of bugs ever found in this code; I suspect it's going to have a far lower defect density than any other JS engine, especially the ones in the big browsers.



