On Mon, Oct 30, 2017 at 11:04:10AM -0400, Boris Zbarsky wrote:
> On 10/30/17 10:52 AM, Simon Sapin wrote:
> > How do new language features lead to security bugs?
> By making unsafe behaviors easier or more tempting.
> For example:
> [&]() { /* stuff */ }
> is a huge footgun in a language without a borrow checker. You _could_
> still do something like that before lambdas by creating a functor
> object, but you had to explicitly give it reference-typed members for
> the things you wanted to use, which might at least make you stop and
> think about whether those references were referencing things that
> lived long enough. With [&] you capture everything by reference by
> default, which is great if the lambda's usage has stack lifetime and
> horrible otherwise...
Our static analysis tools are pretty good at catching a lot of
lambda capture bugs at this point, though. I'd be much less
comfortable using them if they weren't.
It's probably worth considering whether we need to write static
analysis tools for a new feature before we turn it on, though...
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
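An added example, not from this thread or from Mozilla's code base, showing the two lifetimes Boris contrasts: a `[&]` lambda consumed before the enclosing frame returns (fine), the same default capture in a closure that escapes the frame (dangling reference, undefined behaviour), and the hardened forms that capture by value or own their state. All function names and the sample inputs are constructed for the illustration.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <vector>

// 1. Stack-lifetime use: [&] is fine because the lambda is invoked and
//    discarded by std::for_each before `limit` and `count` go out of scope.
int count_over_limit(const std::vector<int>& values, int limit) {
    int count = 0;
    std::for_each(values.begin(), values.end(), [&](int v) {
        if (v > limit) ++count;   // `limit` and `count` are still alive here
    });
    return count;
}

// 2. Escaping use, the footgun: the returned std::function outlives the
//    parameter `limit`, so every later call reads through a dangling
//    reference (undefined behaviour). Shown only as the "before"; it is
//    never called in this example.
std::function<bool(int)> make_checker_dangling(int limit) {
    return [&](int v) { return v > limit; };   // BUG: `limit` dies on return
}

// 3. Escaping use, hardened: name the capture and take it by value, so the
//    closure carries its own copy of `limit`.
std::function<bool(int)> make_checker(int limit) {
    return [limit](int v) { return v > limit; };
}

// 4. Escaping use with mutable shared state: move ownership into the closure
//    via shared_ptr instead of referencing a caller's stack object.
std::function<int()> make_counter() {
    auto state = std::make_shared<int>(0);
    return [state]() { return ++*state; };
}

int main() {
    std::vector<int> sample = {1, 5, 10};   // constructed input
    int over = count_over_limit(sample, 4); // 2
    auto checker = make_checker(4);
    auto counter = make_counter();
    return (over == 2 && checker(5) && !checker(3) && counter() == 1) ? 0 : 1;
}
```

The difference between cases 2 and 3 is invisible at the call site, which is why a reviewer cannot rely on reading the caller; the capture list itself has to be inspected. Where a static checker is not available, building with `-fsanitize=address` and running with `ASAN_OPTIONS=detect_stack_use_after_return=1` will flag the dangling case at runtime as a stack-use-after-return.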