Reply to post: Re: shoddy

Google looks at bypass in Chromium's ASLR security defense, throws hands up, won't patch garbage issue

Blazde Silver badge

Re: shoddy

It is a trade-off, yes, but it's a performance vs. correctness one, because it treats arbitrary data of unknown type as if it might be pointer type, and imposes expectations on how pointer types are represented in memory which could easily be broken by other casually incorrect code.

Knowing how fragile computer code is, even as a coder who works hard to achieve high performance wherever possible, I'm struggling to think of scenarios where I'm willing to exercise genuine choice and trade away correctness in production code, precisely because of weird unexpected consequences like this vulnerability. It's apparent from the bug thread that they did think about what they were doing and recognised the ugliness of it, but they didn't anticipate it breaking ASLR, even though it does. That's the evidence you need that these consequences are hard to reason about, and it's best to stay away from the ugliness in the first place.
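The correctness point in the post above (a scanner that treats "arbitrary data of unknown type as if it might be pointer type") can be shown with a small model. The following C program is an added illustration written for this page; it is not code from the commenter, from Chromium or from its garbage collector, and it models nothing of their actual data structures. It registers a simulated heap object, then scans a constructed root region with two scanners: a conservative one that treats every machine word as a possible pointer, and a precise one that consults a type map (`is_ptr`, an assumed name) and follows only real pointer slots. The root region contains no pointer at all, only an integer whose value happens to coincide with the object's address, and the two scanners disagree about whether the object is reachable. Whether the object is retained therefore depends on the numeric value of unrelated data, which is exactly the kind of consequence that is hard to reason about.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_OBJS 8

/* Simulated heap-object table: one address range plus a mark bit per object.
 * This is a toy model constructed for the example, not a real allocator. */
typedef struct { uintptr_t addr; size_t size; int marked; } obj_t;

static obj_t heap[MAX_OBJS];
static int nobjs;

static void heap_reset(void) { nobjs = 0; }

/* Register a live allocation with the toy collector; returns its index. */
static int heap_register(void *p, size_t size) {
    if (nobjs >= MAX_OBJS) return -1;
    heap[nobjs].addr = (uintptr_t)p;
    heap[nobjs].size = size;
    heap[nobjs].marked = 0;
    return nobjs++;
}

/* Mark any registered object whose address range contains the word w. */
static int mark_if_inside(uintptr_t w) {
    int marked = 0;
    for (int j = 0; j < nobjs; j++) {
        obj_t *o = &heap[j];
        if (!o->marked && w >= o->addr && w < o->addr + o->size) {
            o->marked = 1;
            marked++;
        }
    }
    return marked;
}

/* Conservative scan: every word in the region is treated as a possible pointer,
 * regardless of what the program actually stored there. */
static int conservative_mark(const uintptr_t *words, size_t nwords) {
    int marked = 0;
    for (size_t i = 0; i < nwords; i++)
        marked += mark_if_inside(words[i]);
    return marked;
}

/* Precise scan: a type map says which slots hold pointers; other slots are ignored. */
static int precise_mark(const uintptr_t *words, const unsigned char *is_ptr, size_t nwords) {
    int marked = 0;
    for (size_t i = 0; i < nwords; i++)
        if (is_ptr[i])
            marked += mark_if_inside(words[i]);
    return marked;
}

/* Scenario A (constructed): the root region holds no pointer, only a plain integer
 * (think of a hash or a counter) whose value collides with the object's address.
 * Returns 1 if the object ends up marked as reachable, 0 otherwise. */
static int lookalike_retained(int conservative) {
    heap_reset();
    void *obj = malloc(64);
    int id = heap_register(obj, 64);
    uintptr_t roots[2] = { (uintptr_t)obj, 42 };   /* integers, not pointers */
    unsigned char is_ptr[2] = { 0, 0 };            /* the type map knows that */
    if (conservative) conservative_mark(roots, 2);
    else              precise_mark(roots, is_ptr, 2);
    int retained = heap[id].marked;
    free(obj);
    return retained;
}

/* Scenario B (constructed): the root region holds a genuine pointer to the object.
 * Both scanners must keep it alive; the trade-off is only about non-pointer data. */
static int real_pointer_retained(int conservative) {
    heap_reset();
    void *obj = malloc(64);
    int id = heap_register(obj, 64);
    uintptr_t roots[2] = { 7, (uintptr_t)obj };
    unsigned char is_ptr[2] = { 0, 1 };
    if (conservative) conservative_mark(roots, 2);
    else              precise_mark(roots, is_ptr, 2);
    int retained = heap[id].marked;
    free(obj);
    return retained;
}

int main(void) {
    printf("integer look-alike, conservative scan: retained=%d\n", lookalike_retained(1));
    printf("integer look-alike, precise scan:      retained=%d\n", lookalike_retained(0));
    printf("real pointer, conservative scan:       retained=%d\n", real_pointer_retained(1));
    printf("real pointer, precise scan:            retained=%d\n", real_pointer_retained(0));
    return 0;
}
```

The precise scanner pays for its correctness with the type map it has to maintain for every scanned region, which is the performance side of the trade-off; the conservative scanner avoids that bookkeeping but lets the content of non-pointer data decide what stays alive.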
