Exploitation of a JavaScriptCore WebAssembly Vulnerability
RET2.IO
This is a fascinating, but quite in-depth, article that describe a vulnerability (which has been patched) that some researchers found in JavaScriptCore, the JavaScript engine used in WebKit and Apple Safari. This article also gives some interesting insight into WebAssembly execution, which follows a similar tiered approach to JavaScipt, starting with running the wasm module within an interpreter and followed by multiple tiers of JIT optimisation.
In brief, this exploit focusses on the WebAssembly Interpreter. Through inspection of the code they realised that if the stack size exceeded 0xffffffff
, it would overflow to zero, allowing them to escape from their allocated stack. Whilst a stack depth of 0xffffffff
seems improbable, they found a creative way to achieve this.
Overflowing of integers is a tricky issue to address, sadly Rust doesn’t have a solid solution to this problem either.
Mastershot
MASTERSOT.APP
Mastershot is a web-based video editor, based on the WebAssembly version of FFmpeg which I wrote about a few months ago. By running the entire application client-side, Mastershot is able to provide a secure, fast and simple service. I’m sure we’ll see more WebAssembly-based browser applications in the future.
Making JavaScript run fast on WebAssembly
BYTECODEALLIANCE.ORG
This blog post looks at optimisation of JavaScript running within WebAssemly. - “Hang on”, I hear you say, “WebAssembly runs within the browser, alongside JavaScript, why would I run JavaScript within WebAssembly?” - good question!
The WebAssembly is being adopted as a runtime for various other environments, e.g. serverless, smart contracts, plugin host. In many of these instances there is a desire to run JavaScript code. So in a somewhat surprising ‘turning of the tables’, WebAssembly becomes the host for JavaScript.
Unfortunately, many of the techniques used to make JavaScript run quickly within the browser (JIT) don’t work when it runs within WebAssembly.
This blog post covers a whole host of creative new ideas that make JavaScript run much more quickly within a WebAssembly host environment.
How to make plugins system with Rust and WebAssembly
ARCANA.RS
Talking of using WebAssembly as a host, this blog post explores gives a practical introduction to incoporating WebAssembly so that it can host plugins.
kalker
STRCT.NET
Kallker is a feature-rich scientific calculator that runs in the browser. It’s written in Rust, with the sourcecode all available on GitHub.