ExternalMethod ArgumentsFormat Bytes communicates that a ByteArray's
contents are to be passed to the native function.
However, for an arbitrary C function, the size is not communicated, even
though the code for handling ARG_FORMAT_BYTES in the VM can inspect the
ByteArray and knows its size. Therefore the FFI has a security exploit
potential and lack of safety in being able to direct a C function to read
past the end of the array.
Original issue reported on code.google.com by BrianTRice on 29 Dec 2008 at 2:18
Original issue reported on code.google.com by
BrianTRice
on 29 Dec 2008 at 2:18