by vlovich123
882 days ago
> One major tradeoff that UAF bugs become more difficult to fix, as you are just accessing objects which "should" be dead.

Are you referring to access through a raw pointer after ownership has been dropped and then garbage collection is non deterministic?

No - basically objects sometimes have some state of when they are "destroyed", e.g. an Element detached from the DOM tree[1]. Other parts of the codebase might have references to these objects, and previously accessing them after they were destroyed would be a UAF. Now it's just a bug. This is good! It's not a security bug anymore! However, it's much harder to determine what is happening as it isn't a hard crash.
[1] This isn't a real case, just an example.