On 11/25/2010 10:28 AM, Bruno Medeiros wrote:
I think Walter's point remains true: null pointer bugs are an order of magnitude less important, if not downright insignificant, with regard to security breaches. I mean, from my understanding of that article, an NPE bug on its own is not enough to allow an exploit, but other bugs/exploits need to be present (in that particular case, a straight flush of them, it seems). On the other hand, buffer overflow bugs nearly always make possible an exploit, correct?
From a language designer's perspective, I think programmer association of semantic meaning to null (along with null's weak typing) is a more serious problem than NPE vulnerabilities.
