muvlon 2 hours ago

Yes, kind of. In the same sense that Vec<T> in Rust with reused indexes allows it.

Notice that this kind of use-after-free is a ton more benign though. This milder version upholds type-safety and what happens can be reasoned about in terms of the semantics of the source language. Classic use-after-free is simply UB in the source language and leaves you with machine semantics, usually allowing attackers to reach arbitrary code execution in one way or another.
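To make the "milder" use-after-free concrete, here is an added example (not code from either commenter) of a hypothetical index-based `Slab<T>` over a `Vec<T>` that recycles freed slots. A handle held past `remove` still resolves to a well-typed `T`, just someone else's, which is exactly the data-confusion failure the comment above describes; adding a generation counter to the handle turns that stale access into a detectable `None`. The `Session` type and the `stale_handle_demo` scenario are constructed for illustration.

```rust
// Added example, not from the thread: an arena that hands out indices into a Vec<T>
// and reuses freed slots. A raw index kept past `remove` is a "logical" use-after-free:
// it yields a well-typed T, but the wrong one. The generation check detects it.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Handle {
    index: usize,
    generation: u32,
}

struct Slot<T> {
    generation: u32,
    value: Option<T>,
}

pub struct Slab<T> {
    slots: Vec<Slot<T>>,
    free: Vec<usize>,
}

impl<T> Slab<T> {
    pub fn new() -> Self {
        Slab { slots: Vec::new(), free: Vec::new() }
    }

    /// Insert, preferring a recycled slot (this is what makes stale indexes alias).
    pub fn insert(&mut self, value: T) -> Handle {
        if let Some(index) = self.free.pop() {
            let slot = &mut self.slots[index];
            slot.value = Some(value);
            Handle { index, generation: slot.generation }
        } else {
            self.slots.push(Slot { generation: 0, value: Some(value) });
            Handle { index: self.slots.len() - 1, generation: 0 }
        }
    }

    /// Remove and bump the slot's generation so old handles no longer match.
    pub fn remove(&mut self, h: Handle) -> Option<T> {
        let slot = self.slots.get_mut(h.index)?;
        if slot.generation != h.generation {
            return None;
        }
        let v = slot.value.take()?;
        slot.generation = slot.generation.wrapping_add(1);
        self.free.push(h.index);
        Some(v)
    }

    /// Raw lookup: ignores the generation, behaving like a plain Vec index.
    pub fn get_by_raw_index(&self, h: Handle) -> Option<&T> {
        self.slots.get(h.index)?.value.as_ref()
    }

    /// Checked lookup: a stale handle yields None instead of another entity's value.
    pub fn get(&self, h: Handle) -> Option<&T> {
        let slot = self.slots.get(h.index)?;
        if slot.generation != h.generation {
            return None;
        }
        slot.value.as_ref()
    }
}

// Constructed sample type: the kind of record where aliasing is a security bug.
#[derive(Debug, Clone, PartialEq)]
pub struct Session {
    user: String,
    is_admin: bool,
}

/// Alice's handle outlives her session; the freed slot is reused for Bob.
/// Returns (what a raw index lookup sees, what the generation-checked lookup sees).
pub fn stale_handle_demo() -> (Option<Session>, Option<Session>) {
    let mut slab = Slab::new();
    let alice = slab.insert(Session { user: "alice".into(), is_admin: false });
    // Alice logs out, but some other component still holds `alice`.
    slab.remove(alice);
    // Bob's session lands in the recycled slot.
    let _bob = slab.insert(Session { user: "bob".into(), is_admin: true });

    let raw = slab.get_by_raw_index(alice).cloned();
    let checked = slab.get(alice).cloned();
    (raw, checked)
}

fn main() {
    let (raw, checked) = stale_handle_demo();
    println!("raw index lookup: {:?}", raw);
    println!("checked lookup:   {:?}", checked);
}
```

The raw lookup returns Bob's admin session through Alice's old handle with no memory unsafety at all, which is the "type-safe but still wrong" outcome the comment is pointing at; the generational handle is the usual mitigation in index-based arenas.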

pron an hour ago | parent [-]

That what happens can be reasoned about in the semantics of the source language doesn't necessarily make the problem "a ton more benign". After all, a program written in Assembly has no UB and all of its behaviours can be reasoned about in the source language, but I'd hardly trust Assembly programs to be more secure than C programs. And while the less deterministic nature of a "malloc-level" UAF does make it more explosive, it can also make it harder to exploit reliably. It's hard to compare the danger of a less likely RCE with a more likely data leak.

On the other hand, the more empirical, though qualitative, claim made by matklad in the sibling comment may have something to it.