Null pointers look simple on the surface, and that’s why they’re so dangerous. As compiler optimizations, intuitive but incorrect simplifications, and platform-specific quirks have piled on, the odds of making a wrong assumption have increased, leading to the proliferation of bugs and vulnerabilities.
This article explores common misconceptions about null pointers held by many programmers, starting with simple fallacies and working up to the weirdest cases. Some of them will be news only to beginners, while others may lead experts down the path of meticulous fact-checking. Without further ado, let’s dive in.
Macromedia Flash ActionScript was the first language I saw that could have an RCE vulnerability caused by a null pointer dereference.
Thank god HTML5 media killed Flash.
Flash isn’t dead yet.
I just had to use it to connect to an ancient Siemens building automation system. Luckily we’re replacing it this year.
FYI there is an open source reimplementation of Flash from scratch called Ruffle that should solve all the security issues that Flash had. It runs on WASM so it’s compatible with modern browsers. The New York Times is using it to bring back some old interactive/animated pages that relied on Flash.
Thanks, I’m going to have nightmares tonight.