• Technus
    link
    fedilink
    arrow-up
    15
    ·
    5 months ago

    Exactly. Even worse, a bug like this isn’t just a crash waiting to happen. It’s also a massive security hole.

    If an incompetently written file can crash the system, there’s a decent chance that a maliciously crafted file could have allowed the complete takeover of it. Memory safety bugs, especially in kernel code, are very serious.

    A lack of validation would have been a glaring red flag to any outsider looking at the code, but it’s exactly the kind of thing someone who’s worked on the software forever could easily overlook. It’s so, so easy to lose sight of the forest for the trees.