Comment by otikik
2 months ago
I think they are not going far enough.
"All null-pointer-referencing issues should come with an accompanying fix pull request".
2 months ago
I think they are not going far enough.
"All null-pointer-referencing issues should come with an accompanying fix pull request".
I don't think putting the burden to fix the code should be on users. However, it also shouldn't be on developers.
I think something like "Null-pointer-referencing issues will not be looked at by core maintainers unless someone already provides a patch". That way, someone else who knows how to fix the problem can step in, and users aren't left with the false impression that merely reporting their bug will not guarantee a solution.
Not users. Security researchers.
So if I find a null pointer dereference issue in something written in a language I don’t know, I shouldn’t report it because I can’t include a fix?
If you don't know the language, why are you reporting null pointers?
Because the program crashed and the crash dump showed a null pointer dereference, and I found some inputs that reproduce it 100%, so I thought this might be useful to the developer?
1 reply →