Comments (3)
SeanTAllen
commented on May 30, 2024
Additional context: https://ponylang.zulipchat.com/#narrow/stream/190365-runtime/topic/Unsafe.20deserialise.20exploitation
from ponyc.
SeanTAllen
commented on May 30, 2024
We don't have any good way to deal with errors of this sort in the serialization of this sort. Some investigation of what we should do when we get unexpected values. Serialization was written for "totally trusted/may segfault". We probably want to throw an error but we need to verify that we are always good for doing it.
from ponyc.
jemc
commented on May 30, 2024
What probably needs to happen for the error case is to call the "throw fn" passed to pony_deserialise with some code like this:
serialise_cleanup(ctx);
ctx->serialise_throw();
abort();from ponyc.
Related Issues (20)
- Incorrect generic FFI syntax compiles HOT 10
- Runtime crash when accessing a field that was captured before it was initialized HOT 2
- Feat: Reconsider support for ponyc bundled builds targeting Intel MacOS HOT 1
- runaway memory growth during GC with reference cycle HOT 12
- RFC #77: Assign Param Syntax
- RFC #78: Remove JSON package from the standard library
- Can't built 0.53.0 on aarch64-darwin HOT 8
- Possible violation of the `pthread_create` interface? HOT 4
- Release 0.54.1 HOT 2
- iftype compile error at runtime HOT 7
- [Epic] EL 9 & Fedora support - prebuilt, install.md, and ponyup HOT 1
- XorOshiro naming in random HOT 2
- Incorrect program result when not using --debug HOT 16
- Release 0.55.0
- Segmentation fault when capturing Env via lambda HOT 17
- Segfault when trying to compile incorrect capabilities HOT 12
- With block doesn't call dispose on an object if its name is _ HOT 7
- Web assembly
- Unreported type inference error with Array's in match case statements HOT 9
- Cannot build with --static nor --nopic. HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ponyc.