
Several months in the life of Project Zero – Part 1: The Chrome bug of suffering - archimag0
https://googleprojectzero.blogspot.com/2020/02/several-months-in-life-of-part1.html
======
jchw
> At this point, we were questioning our decision-making process more
> thoroughly, and immediately tried reproducing with the same version on a
> Linux build. I think you, the reader, can imagine how we felt when the issue
> also reproduced locally with an ASAN Linux build…

This was my _very first thought_ when I read that it occurred on Android, so I
know it had to be someone’s first thought working on this. Very unfortunate,
but I’m pretty sure we’ve all been there, with a gut feeling we either ignored
or outright doubted that could’ve potentially saved months at minimal risk.

------
pjmlp
> C-style programming in C++ is also a bad sign; the IOBuffer design pattern
> with separate storage of buffers and their sizes is inherently dangerous.

This is the main takeaway. Even when writing C, just prefer safe libraries to
default strings and arrays, when possible.

By the way, MSR is hiring for Checked C.

~~~
xvilka
There is no reason to spend time on any variant of C in the age of Rust.

~~~
acdha
For new projects, sure. For existing projects, it's not trivial to convert
them and anyone working on something significant is going to need time to do a
migration during which additional new C code will almost certainly need to be
written.

~~~
xvilka
It can be semi-automated with the amazing c2rust[1] tool.

[1] [https://github.com/immunant/c2rust](https://github.com/immunant/c2rust)

~~~
acdha
“semi-” is not a synonym for “easily done with production-ready results”.
Until that changes, people are going to need to write new C code even if
they're working to refactor their code into a better language.

------
pornel
That state machine is scary. I wouldn't dare to write it without an
async/await generator.

------
ufmace
I don't really understand this level of memory manipulation and exploit
construction very well right now. But I notice that the usual Rust advocates
are big on boosting how the language restrictions and constructs block these
sorts of things. Can anybody comment on how many of the steps they used could
actually be prevented by using Rust for this module?

~~~
steveklabnik
If I had to summarize it, it would be:

> C-style programming in C++ is also a bad sign; the IOBuffer design pattern
> with separate storage of buffers and their sizes is inherently dangerous.

Rust has "slices", which store a pointer and a length together, so they cannot
get out of sync like this.
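
To illustrate the slice point in code, here is an added Rust example that is not from the thread or the blog post; the `IoBuffer` type and its methods are hypothetical, modeled on the separate-buffer-and-size pattern the quoted sentence describes:

```rust
/// C-style "IOBuffer" pattern: backing storage and its size are tracked
/// separately, so the size can go stale when the storage is resized.
pub struct IoBuffer {
    pub storage: Vec<u8>,
    pub size: usize, // cached separately, as in the C++ pattern above
}

impl IoBuffer {
    pub fn new(bytes: &[u8]) -> Self {
        IoBuffer { storage: bytes.to_vec(), size: bytes.len() }
    }

    /// Shrinks the storage but deliberately forgets to update `size`:
    /// this is the desync the quoted sentence warns about.
    pub fn truncate_storage_only(&mut self, new_len: usize) {
        self.storage.truncate(new_len);
    }

    /// Reads `n` bytes at `offset`, trusting the separately tracked `size`.
    /// In C the stale check would pass and the read would run past the real
    /// allocation; in safe Rust `get` still checks against the Vec's own
    /// length, so the result is `None` instead of an out-of-bounds read.
    pub fn read(&self, offset: usize, n: usize) -> Option<&[u8]> {
        let end = offset.checked_add(n)?;
        if end > self.size {
            return None; // stale bound: may be larger than the real storage
        }
        self.storage.get(offset..end) // real bound, carried by the Vec itself
    }
}

/// Slice-based version: pointer and length travel together in `buf`,
/// so there is no second copy of the size that can drift out of sync.
pub fn read_slice(buf: &[u8], offset: usize, n: usize) -> Option<&[u8]> {
    buf.get(offset..offset.checked_add(n)?)
}

fn main() {
    let mut b = IoBuffer::new(b"0123456789"); // constructed sample data
    b.truncate_storage_only(4);
    println!("stale size = {}, real len = {}", b.size, b.storage.len());
    println!("read(2, 5) -> {:?}", b.read(2, 5)); // None: Vec bound wins
    println!("read_slice -> {:?}", read_slice(&b.storage, 1, 3));
}
```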

------
ToFab123
Google Project Zero's website is the ONLY website which frequently gets featured
on HN that I cannot read on my iPhone. Safari, Firefox or Edge are all
rendering the page with horizontal scrollbars. I can use 2 finger zoom in and
then a third finger to move the content around. At that point I cannot see the
screen for my fingers and have problems holding my phone in my hands.

Do they have a bounty program for HTML where one can submit a fix? /s

This is not a new issue. Been like that for a long time.

~~~
jeroenhd
I'm on Android so I don't have any trouble, but keep in mind that all
"browsers" on iOS are just Safari with a skin and a few features bolted onto
it. Apple doesn't allow different browser engines on their platform because of
various reasons.

Try the non-mobile version:
[https://googleprojectzero.blogspot.com/2020/02/several-months-in-life-of-part1.html?m=0](https://googleprojectzero.blogspot.com/2020/02/several-months-in-life-of-part1.html?m=0)

It seems to be using the default simple Blogger theme, so there's probably no
point of contact for the website; it's Google after all. The best chance you
have is to submit a bug report with Apple about Safari not rendering the page
right.

~~~
jacobush
Wow, I couldn't believe it.
[https://en.wikipedia.org/wiki/Firefox_for_iOS](https://en.wikipedia.org/wiki/Firefox_for_iOS)

