If we trusted code to be reliable solely on the basis of how bad it would be if the code broke, we'd probably be inundated with CVEs.
I'm not sure what I'd suggest instead, though - this specific case would be nice if we had kept the parser in userspace, but that just turns "hovering triggers kernel-mode crash" into "attempting to execute causes kernel-mode crash", presumably.
[Rant about wanting more trusted codepaths having static analysis and/or managed languages goes here.]
I'm not sure what I'd suggest instead, though - this specific case would be nice if we had kept the parser in userspace, but that just turns "hovering triggers kernel-mode crash" into "attempting to execute causes kernel-mode crash", presumably.
[Rant about wanting more trusted codepaths having static analysis and/or managed languages goes here.]