Archive for March 3, 2016

Thursday, March 3, 2016

Why Safe C Is Sometimes Unsafe Swift

Matt Gallagher:

In this article, I’ll look at a class of memory safety bug that occurred multiple times while I was writing the previous article. This particular bug occurs only in Release builds and can occur even when your code has no occurrence of the word “unsafe” anywhere in it.

[…]

That is the simple answer to what’s gone wrong in the Swift version: we tried to use a pointer to the first element of a tuple to read and write to the whole tuple. Creating a pointer to the first element of a larger structure and using that as a proxy for the whole structure is common in C and C++ but it’s simply not allowed in Swift.

[…]

For the example in this article, after destructuring the tuple the Swift compiler realizes that – according to the rules of the Swift memory model – only the zeroth field of the string1 and string2 tuples is ever read so the initialization of the remaining fields is marked as a “dead store” and the dead fields 1-9 are omitted from the function entirely (never allocated on the stack).

Previously Downloaded OS X Installers No Longer Work

Josh Centers:

The Apple Worldwide Developer Relations Intermediate Certificate is required for all apps in the Mac App Store, including OS X installers. When used to sign an app, the certificate enables OS X to confirm that the app has not been corrupted or modified by an attacker. This certificate expired on 14 February 2016, causing error dialogs and preventing some apps from launching. Most apps affected have already been updated with the new certificate. But if you downloaded an OS X installer in case of trouble, you may be in for a surprise the next time you try to use it.

[…]

Those who have created any bootable install disks for OS X will need to recreate them with the new installers.

Previously: More Mac App Store Certificate Problems.

Update (2016-03-03): Jeff Johnson:

Signing code with an expiring cert is not a mistake. Certs expire, that is known in advance. It is planned obsolescence.

Katie Floyd:

So, I’m now in the process of re-downloading gigabytes of data, again. That is, assuming you’re allowed to download the Installers. See, Apple won’t allow a newer Mac to download versions of OS X that aren’t compatible with that Mac.

Proposed New Swift Collections Model

Dmitri Gribenko et al.:

We are proposing a new model for collections, where indices can only be advanced forward or backward by the corresponding collection instance. Indices become opaque tokens representing collection positions, that can be produced and consumed by collection APIs. This allows us to reduce the amount of data stored in indices to the bare minimum.

[…]

Instances of Dictionary point to an indirection, while instances of DictionaryIndex point to the storage itself. This allows us to have two separate reference counts. One of the refcounts tracks just the live Dictionary instances, which allows us to perform precise uniqueness checks.

The issue that we were previously unaware of is that this scheme is not thread-safe. When uniquely-referenced storage is being mutated in place, indices can be concurrently being incremented (on a different thread). This would be a read/write data race.

Where Did All the HTTP Referrers Go?

Stephen Merity (via Hacker News):

This leaves two problematic situations:

  • HTTP websites don’t receive referrers from HTTPS websites -- all traffic appears as direct traffic
  • HTTPS websites will send referrers to any other HTTPS website even if it contains sensitive information

The first situation means we lose any understanding of where traffic is coming from, the second situation leads potentially to security vulnerabilities or information leaks. Essentially, if a HTTP website links to another HTTP website, the author of the secure page is lending extra trust just as it’s HTTPS. In most cases, this is not what was intended.

[…]

These cases are covered under a new HTML5 called the meta referrer. Now a simple tag can be used, such as <meta name="referrer" content="always">, to specify the exact behaviour of the HTTP Referrer regardless of whether we’re using HTTP or HTTPS.

Update (2016-03-03): To be clear, this tag can help you send referrers to sites that you link to. It doesn’t help you see how visitors are getting to your site unless the source sites adopt it.

Update (2016-06-22): See also: Everything you could ever want to know (and more) about controlling the Referer header.
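
The default behaviour and the meta referrer tag discussed above, modelled as an added example (not code from this post or the linked article). The function names and sample URLs are constructed; `never`, `default`, `origin` and `always` are the legacy meta referrer keywords, and the second function flags which outbound links would receive the page's query string under each one.

```javascript
// Added example: which Referer a browser sends when following a link.
// "never", "default", "origin", "always" are the legacy meta referrer keywords.
// Function names and URLs are constructed for illustration.

function refererFor(sourceUrl, destUrl, policy = "default") {
  const src = new URL(sourceUrl);
  const dst = new URL(destUrl);

  // Credentials and the fragment are never sent in a referrer.
  src.username = "";
  src.password = "";
  src.hash = "";

  const downgrade = src.protocol === "https:" && dst.protocol === "http:";

  switch (policy) {
    case "never":   return null;                          // nothing sent
    case "origin":  return src.origin + "/";              // scheme + host only
    case "always":  return src.href;                      // full URL, even to HTTP
    case "default": return downgrade ? null : src.href;   // stripped on HTTPS -> HTTP
    default: throw new Error("unknown referrer policy: " + policy);
  }
}

// Outbound links that would receive this page's query string under a policy.
function leakyLinks(sourceUrl, links, policy) {
  const srcOrigin = new URL(sourceUrl).origin;
  return links.filter((dest) => {
    const ref = refererFor(sourceUrl, dest, policy);
    return ref !== null &&
      new URL(dest).origin !== srcOrigin &&
      new URL(ref).search !== "";
  });
}

// Constructed sample: a page whose URL carries a secret, linking out.
const page = "https://app.example/reset?token=CONSTRUCTED#step2";
const links = ["http://plain.example/", "https://cdn.example/lib.js", "https://app.example/help"];

for (const policy of ["default", "always", "origin", "never"]) {
  console.log(policy, leakyLinks(page, links, policy));
}
```

With `always`, the token in the page URL reaches the plain-HTTP site as well; `origin` keeps referral attribution for the linked sites without exposing the path or query.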