
1) It’s impressive this was done before the patch was even out — proving again that silent fixes can easily be discovered.
2) Bugs like these (integer overflows!!), in one of the most exposed kernel drivers out there, continue to make me doubt how much code review/analysis happens.
Quote Tweet:
Since MSRC just published a fix for CVE-2020-0796, here's @_lucas_georges_'s quick and dirty root cause analysis on it: synacktiv.com/posts/exploit/ #sambadijaneiro
Realistically, programmers won't thoroughly verify that every integer operation with the potential to overflow does not overflow. Even if they tried, they might make bad assumptions or mistakes. If you want to catch it reliably, checked overflow needs to be an implicit default.
Right, it needs to be phased in as the default with wrapping operations performed explicitly. It's already possible to do that with compilers like Clang. It's far easier to find unintentional overflows when every intentional overflow is marked and unintentional ones are caught.
The issue is not a lack of good ways to perform overflow checks. Integer arithmetic is everywhere and unchecked overflow is the default in C and C++. Realistically, developers are not going to carefully check and document why each unchecked arithmetic operation cannot overflow.
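The two replies above (checked arithmetic as the default with intentional wrapping marked explicitly, and the observation that unchecked overflow is simply what C and C++ do unless you ask otherwise) are easier to weigh with a concrete snippet. The following is an added example, not code from any of the participants or from the driver the thread discusses: a hypothetical frame parser that computes an allocation size from a 32-bit body length read out of a constructed header. The unchecked version wraps silently; the checked version uses the GCC/Clang `__builtin_add_overflow` builtin and refuses the frame; the one place that genuinely wants wraparound does it through a wider type and a truncating cast so that Clang's `-fsanitize=unsigned-integer-overflow` reports every other unsigned wrap in the program as a real finding. `FRAME_HDR_LEN`, the header layout and the sample headers are all assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire format (assumption for this example): a 4-byte
   little-endian body length, followed by that many body bytes. */
#define FRAME_HDR_LEN 4u

/* Constructed sample headers: one benign (body of 16 bytes), one malformed
   with a body length chosen so that header + body wraps a 32-bit sum. */
static const uint8_t BENIGN_HDR[FRAME_HDR_LEN]    = {0x10, 0x00, 0x00, 0x00};
static const uint8_t MALFORMED_HDR[FRAME_HDR_LEN] = {0xFE, 0xFF, 0xFF, 0xFF};

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked pattern: "header + body" is ordinary C arithmetic, so a body
   length near UINT32_MAX wraps to a tiny value and the caller would allocate
   far less than the body it is about to copy. Returns the wrapped size. */
uint32_t alloc_size_unchecked(const uint8_t *hdr) {
    uint32_t body_len = read_le32(hdr);
    return FRAME_HDR_LEN + body_len;
}

/* Checked pattern: the builtin reports whether the mathematically exact sum
   fits in *out. On overflow the frame is rejected and *out is not trusted.
   This is the behaviour a "checked by default" language or compiler mode
   would give every addition without the programmer writing it out. */
bool alloc_size_checked(const uint8_t *hdr, uint32_t *out) {
    uint32_t body_len = read_le32(hdr);
    if (__builtin_add_overflow(FRAME_HDR_LEN, body_len, out)) {
        return false;            /* would not fit: refuse the frame */
    }
    return true;
}

/* Intentional wraparound (a rolling checksum, a hash mix, a ring index) is
   marked explicitly: multiply in 64 bits, where two 32-bit operands cannot
   overflow, and truncate with a visible cast. Under
   -fsanitize=unsigned-integer-overflow this line is silent, so any other
   unsigned wrap the sanitizer reports is an unintended one. */
uint32_t wrapping_mul32(uint32_t a, uint32_t b) {
    return (uint32_t)(((uint64_t)a * (uint64_t)b) & 0xFFFFFFFFu);
}

int main(void) {
    uint32_t size = 0;

    printf("benign, unchecked:    %u\n", alloc_size_unchecked(BENIGN_HDR));
    printf("malformed, unchecked: %u (wrapped)\n", alloc_size_unchecked(MALFORMED_HDR));

    if (alloc_size_checked(BENIGN_HDR, &size)) {
        printf("benign, checked:      %u\n", size);
    }
    if (!alloc_size_checked(MALFORMED_HDR, &size)) {
        printf("malformed, checked:   rejected (overflow)\n");
    }

    printf("wrapping_mul32(0x80000000, 2) = %u\n", wrapping_mul32(0x80000000u, 2u));
    return 0;
}
```

Build it once normally and once with `clang -fsanitize=unsigned-integer-overflow,signed-integer-overflow`: the sanitized build flags the addition in `alloc_size_unchecked` on the malformed header and stays quiet on `wrapping_mul32`, which is the "every intentional overflow is marked, unintentional ones are caught" split described above. `-ftrapv` gives a similar trap for signed arithmetic only.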