Ask HN: Does Compiling to WebAssembly Prevent Issues with Unsafe Languages?
Compiling to WebAssembly can mitigate certain issues, specifically with memory safety in unsafe languages like C.
Take this C function:

  void write_to_buffer(char *buffer, unsigned int size, char value) {
      for (unsigned int i = 0; i <= size; ++i) {
          buffer[i] = value; // Unsafe: can write past the buffer if size is too large
      }
  }

Compiled to native code, an incorrect size can lead to a buffer overflow. However, if you compile this to WebAssembly, the out-of-bounds write would be caught by the WebAssembly runtime, preventing a potential security flaw. While it doesn't eliminate the need for good coding practices, it does add a layer of protection against some kinds of memory-related errors.
This is wrong. WebAssembly doesn't care where you write inside the arena.
See: https://gist.github.com/fwsGonzo/8d8d0d27847c2d5804bc2d8af2b...
.. but it is safe to write anywhere in the arena!
Appreciate the clarification. You're right that WebAssembly doesn't enforce bounds checking within its linear memory, allowing for out-of-bounds writes within the allocated space. While it does enhance security at the host boundary, it doesn't absolve the need for careful memory management within the WebAssembly module itself.
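To make the point of the two comments above concrete, here is an added example (not from any commenter, not the linked gist) that drives the same off-by-one loop through a hand-assembled Wasm module in Node: the store that lands one byte past the buffer corrupts a neighbouring value inside linear memory without any error, while a store at the end of the single 64 KiB page traps. The module, the memory layout (buffer at 0, neighbour at 8) and the export names are all constructed for this demo.

```javascript
// Hand-assembled WebAssembly module (constructed for this example), equivalent to:
//   (memory (export "mem") 1)
//   (func (export "store8") (param $addr i32) (param $val i32)
//     local.get $addr  local.get $val  i32.store8)
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic + version
  0x01, 0x06, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x00,       // type 0: (i32, i32) -> ()
  0x03, 0x02, 0x01, 0x00,                               // one function of type 0
  0x05, 0x03, 0x01, 0x00, 0x01,                         // memory: min 1 page (64 KiB)
  0x07, 0x10, 0x02,                                     // export section, 2 entries:
  0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,                   //   "mem"    -> memory 0
  0x06, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x38, 0x00, 0x00, //   "store8" -> func 0
  0x0a, 0x0b, 0x01, 0x09, 0x00,                         // code section, 1 body, no locals
  0x20, 0x00, 0x20, 0x01, 0x3a, 0x00, 0x00, 0x0b,       //   local.get 0; local.get 1; i32.store8; end
]);

const PAGE = 65536;
const instance = new WebAssembly.Instance(new WebAssembly.Module(WASM_BYTES));
const { mem, store8 } = instance.exports;
const bytes = new Uint8Array(mem.buffer); // host view of the same linear memory

// Same off-by-one as the C function in the thread (i <= size), but every store
// is executed by the Wasm engine, so the engine decides what is legal.
function writeToBuffer(addr, size, value) {
  for (let i = 0; i <= size; i++) store8(addr + i, value);
}

// Constructed layout: an 8-byte buffer at 0 and a neighbouring variable at 8
// that the loop was never meant to touch. Returns the neighbour's final value.
function overflowInsideArena() {
  const BUF = 0, SIZE = 8, NEIGHBOUR = BUF + SIZE;
  bytes[NEIGHBOUR] = 0x42;
  writeToBuffer(BUF, SIZE, 0xff); // no trap: address 8 is still inside the arena
  return bytes[NEIGHBOUR];        // 0xff, silently corrupted
}

// Only an address at or beyond the end of linear memory makes the engine trap.
function writeOutsideArena(addr) {
  try { store8(addr, 0xff); return 'ok'; }
  catch (e) { return e instanceof WebAssembly.RuntimeError ? 'trap' : 'other'; }
}
```

The guarantee is therefore about the host boundary: the module cannot reach the process's own memory, but any bug that stays inside the arena behaves exactly as it would natively.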
It does solve many of the issues, namely:
* Memory isolation (memory can't be executable, and thus you reduce injection attacks).
* Sandboxing: by default Wasm has no access to the outer universe where it is being called; this makes it quite trivial to properly sandbox almost any kind of program (on the system call layer).
And it does so without requiring hardware virtualization.
Yes, so can any type of userspace sandboxing with speculation-safe emulators. Virtualization also prevents these issues.
So, you can safely use C from your gameboy emulator, RISC-V emulator, or WebAssembly emulator. The quality of the emulator determines how much information you get back when something happens.