- Subject: Re: Crash Analysis: Finalizer Logic in singlestep function can lead to Sandbox Escape Exploit
- From: 김지회 <pascal4847@...>
- Date: Wed, 8 Dec 2021 03:23:51 +0900
I don't think it is a huge or radical fix. It is just something
that can break compatibility, if a program does something fancy
with the GC inside a finalizer. (I am not sure what that could be :-)
Otherwise, it is a local and small fix.
Oops, sorry for the wrong quotation of you.
I misunderstood your meaning.
It is interesting to note that one 'collectgarbage' functionality
already does not work when called from a finalizer, and apparently
nobody cared. :-)
And actually, I've never noticed that, even with quite a long analysis of the
finalizer! (Shame on me.)
If so, it is obvious that nobody cares about it.
We might break the backward compatibility, yay!