On Thursday, 27 July 2017 at 20:09:46 UTC, Steven Schveighoffer wrote:

Well, let's not forget that the services should not be dereferencing null. It's still a bug in the code.

Of course, but statistically speaking, all software is buggy, so it's not an unreasonable assumption on the attacker's part that there is at least one null dereference in complex server code that will eventually trigger.


It just may result in something other than a process exit.

Which is really bad for process supervision, because it'll likely not detect a problem and not kill+respawn the service.


I bet if you lowered that limit, you would cause all sorts of trouble, not just in D safe code. Imagine, any function that returns null specifically to mean an error, now may return it casually as the address of a valid item! You are going to screw up all checks for null!

Indeed, but atm I was only concerned about the implications for D @safe code.

