Unsafe deserialization (php & java) and vulnerability recurrence

Unsafe deserialization. 1. Serialization and deserialization (A8:2017 – Unsafe Deserialization; A08:2021 – Software and Data Integrity Failures). Why serialize? Serialization is the process of converting the state information of an object into a form that can be stored or transmitted. Most of these forms are byte streams, strings, or JSON strings. During serialization, the current state of the […]

java-other-unsafe

Get an Unsafe class instance. As shown in the Unsafe source code below, the Unsafe class is a singleton and provides a static method, getUnsafe, to obtain the Unsafe instance. The call is legal if and only if the class calling getUnsafe was loaded by the bootstrap class loader; otherwise a SecurityException is thrown. […]

Coverity code scanning – solution to unsafe library functions

Article directory: Coverity code scanning – solution to unsafe library functions. 1. Introduction; 2. Coverity code scanning warning; 3. C language unsafe function table; 3. Solutions to some unsafe functions in C: a. strcpy and strncpy wrappers, b. strcat and strncat wrappers, c. sprintf wrapper, d. memcpy and memmove wrappers; 4. Conclusion; 5. References […]

How to use njsscan to identify unsafe code in Node.JS applications

About njsscan: njsscan is a powerful Static Application Security Testing (SAST) tool that helps researchers find unsafe code patterns in Node.js applications. The tool is built on libsast, a simple pattern matcher, and semgrep, a syntax-aware semantic code pattern search tool. Tool installation: the current version of njsscan only supports running on macOS and Linux […]

Thread synchronization: queues and locks, three unsafe cases; the synchronized lock, deadlock, and the Lock interface

Thread synchronization. What is thread synchronization? Thread synchronization is concurrency: multiple threads operate on the same resource. Thread synchronization is actually a waiting mechanism. Multiple threads that need to access an object enter the thread waiting pool of this object to form a queue, and each waits for the previous thread to finish using it before handing […]

[Multi-threading] (2) Thread state and state transitions; case: single-thread serial execution vs. multi-thread concurrent execution; observing unsafe situations in threads; the thread-safety concept; causes of thread unsafety; solving thread-unsafety issues

Article directory: state of the thread; observing thread status; thread state transitions; observing the state and transitions of threads; the case: single thread – serial execution, multithreading – concurrent execution; thread safety; watching for unsafe conditions in threads; the thread-safety concept; reasons for thread unsafety; solving the thread-unsafety problem. Status of the thread: the […]

[WEB Security] Unsafe deserialization

1.1. What is serialization and deserialization? Serialization and deserialization refer to the process used to convert an object or data structure into a stream of bytes for transmission or storage between different systems, and to reconstruct it when needed. Serialization refers to the process of converting an object or data structure into a stream of bytes. During […]

4. Thoughts on HashMap being thread-unsafe and ConcurrentHashMap being thread-safe through the segment lock mechanism

Thoughts on HashMap being thread-unsafe and ConcurrentHashMap being thread-safe through the segment lock mechanism. Step 1: We used ConcurrentHashMap when logging in a user and found that it is thread-safe. What is the mechanism that achieves thread safety? What is the principle of the segment lock? Question: private Map allUserMap = new ConcurrentHashMap(); tell me about this. Answer: In […]

1. Unsafe API details (JDK 1.8)

Overview. Unsafe is a low-level class in Java that provides many basic operations, such as array operations, object operations, memory operations, CAS operations, thread (park) operations, and fence operations; the JUC packages and some third-party frameworks all use the Unsafe class to ensure concurrency safety. API details: 1. Object field (memory offset) operations // object […]