https://stackoverflow.com/a/69322771/12262729
This post suggests that a dangling reference in code run by the browser can be an entry point to bypass the system's security with malicious code - how is that possible?
CodePudding user response:
The danger is similar to buffer overflows.
The memory that a dangling reference points to could be used in a new allocation. If the program then writes through the dangling pointer, it will write unintended values to that memory.
If that memory happens to be used to hold security-related information (such as a username) and an exploit is able to get information it wants to be written there, it can change the result of the security check.
That's quite a few "if"s, so that kind of exploit is pretty unlikely. More likely is just causing the program to crash. If a hacker can cause an important program to crash, that's considered a security problem.
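The reuse scenario described in the answer above, as an added example that is not part of the original answer: a toy one-slot pool (constructed for illustration; `pool_alloc`, `write_raw`, `write_checked` and the sample usernames are hypothetical) shows a write through a stale handle changing a username that now belongs to a different allocation, next to a generation check that rejects the stale write.

```c
#include <stdio.h>
#include <string.h>

/* Toy one-slot pool (constructed for illustration): a freed slot is handed
   straight back to the next caller, as real allocators often do. */
typedef struct { char data[16]; unsigned gen; int in_use; } slot_t;
typedef struct { slot_t *slot; unsigned gen; } handle_t;

static slot_t pool;

static handle_t pool_alloc(void) {
    pool.in_use = 1;
    pool.gen++;                          /* new generation per allocation */
    memset(pool.data, 0, sizeof pool.data);
    return (handle_t){ &pool, pool.gen };
}

static void pool_free(handle_t h) { h.slot->in_use = 0; }

/* Unchecked write: what a raw dangling pointer does. */
static void write_raw(handle_t h, const char *s) {
    strncpy(h.slot->data, s, sizeof h.slot->data - 1);
}

/* Checked write: refuses a freed or stale handle. Returns 0 on success. */
static int write_checked(handle_t h, const char *s) {
    if (!h.slot->in_use || h.gen != h.slot->gen) return -1;
    strncpy(h.slot->data, s, sizeof h.slot->data - 1);
    return 0;
}

/* Returns 1 if the stale write changed the name a security check would read. */
static int demo(int checked) {
    handle_t scratch = pool_alloc();     /* e.g. a temporary buffer */
    pool_free(scratch);                  /* scratch is now dangling */
    handle_t user = pool_alloc();        /* same memory, new owner */
    write_raw(user, "guest");            /* legitimate write by the new owner */
    if (checked) write_checked(scratch, "admin");  /* rejected: stale gen */
    else         write_raw(scratch, "admin");      /* lands in user's memory */
    return strcmp(user.slot->data, "admin") == 0;
}

int main(void) {
    printf("unchecked: name overwritten=%d\n", demo(0));
    printf("checked:   name overwritten=%d\n", demo(1));
    return 0;
}
```

The pool is static storage, so the example is deterministic and involves no real freed memory; with a real heap the same aliasing depends on whether the allocator happens to reuse the block.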
CodePudding user response:
The post you point to explains why manual memory management is NOT available in JavaScript. IF it was, that would lead to possible dangling references and the consequent security holes. Since this hypothetical scenario is not a reality, JavaScript code cannot suffer from dangling references.