DFINITY has recently addressed a significant bug in the Motoko runtime system, which under specific conditions could result in unintended memory writes or reads. This issue primarily affected programs using the incremental garbage collector (via the compile option --incremental-gc) or enhanced orthogonal persistence (--enhanced-orthogonal-). While the bug was difficult to trigger due to its dependence on specific heap constellations, garbage collection scheduling, and the scale at which particular language features were used, it was still important for developers to be aware of its potential impact.
The bug has now been resolved in the latest Motoko release, version 0.14.3, which is available through dfx version 0.24.3. If your Motoko program relies on either the incremental garbage collector or enhanced orthogonal persistence, it is strongly recommended that you update to the latest version of dfx to ensure your applications are not affected by this issue.
To update to the latest version of dfx, developers can follow these simple steps:
- Upgrade dfx:
Run the commanddfxvm updateto download the latest version of dfx (0.24.3 or higher). - Deploy your Motoko applications:
Once updated, deploy your Motoko applications on the Internet Computer network using the command:
dfx deploy --network ic
Additionally, for those interested in the technical details, DFINITY has provided a GitHub security advisory outlining the nature of the bug and its resolution. The advisory can be found here under the section titled Uninitialized memory access in Motoko incremental garbage collector.
DFINITY urges developers to upgrade as soon as possible to avoid any risks associated with the bug. If you have any further questions or need assistance, the Motoko team is available at team-motoko@dfinity.org. This fix ensures that your Motoko applications run safely and efficiently, avoiding potential memory issues that could disrupt your programs on the Internet Computer.
Community Discussion