Conversation

1) It’s impressive this was done before the patch was even out, proving again that silent fixes can easily be discovered.
2) Bugs like these (integer overflows!!), in one of the most exposed kernel drivers out there, continue to make me doubt how much code review/analysis happens.
Quote Tweet
Since MSRC just published a fix for CVE-2020-0796, here's @_lucas_georges_' quick and dirty root cause analysis on it: synacktiv.com/posts/exploit/ #sambadijaneiro
This Tweet was deleted by the Tweet author.
Realistically, programmers won't thoroughly verify that every integer operation with the potential to overflow does not overflow. Even if they tried, they may make bad assumptions or mistakes. If you want to catch it reliably, checked overflow needs to be an implicit default.
Expecting people to do that at scale is out of touch. Humans are not capable of completely avoiding mistakes. Blaming programmers for flaws in tools isn't going to fix the problems. Systemic issues are best solved with a systemic fix, not an expectation of avoiding human errors.
This Tweet was deleted by the Tweet author.
Right, it needs to be phased in as the default with wrapping operations performed explicitly. It's already possible to do that with compilers like Clang. It's far easier to find unintentional overflows when every intentional overflow is marked and unintentional ones are caught.
Some software projects are investing substantial resources in doing it. Many of the unintentional overflows are caught due to introducing automatic checking, and the remaining ones are downgraded from serious vulnerabilities like heap overflows to a DoS or often a non-security issue.
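The two posts above argue that overflow checking should be the default and that intentional wrap-around should be marked explicitly, so that an unintentional overflow becomes a rejected message rather than a heap overflow. The following C example was written for this page to illustrate that contrast; it is not code from the thread, from the driver being discussed, or from any project. The message header, its field names and the sample values are constructed, and the checked form relies on the GCC/Clang `__builtin_add_overflow` builtin.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed header of the kind a network driver parses before allocating
 * a buffer. Names and layout are hypothetical, not any real protocol. Both
 * fields arrive from the wire, so a remote peer chooses their values. */
struct msg_hdr {
    uint32_t original_size;
    uint32_t offset;
};

/* Unchecked form: the 32-bit sum silently wraps. A large original_size plus
 * a small offset yields a tiny allocation, and the copy that follows runs
 * past it (the heap-overflow class the thread is discussing). */
uint32_t unchecked_alloc_size(const struct msg_hdr *h)
{
    return h->original_size + h->offset;  /* unintentional wrap-around */
}

/* Checked form: __builtin_add_overflow reports the overflow instead of
 * wrapping, so the caller refuses the message. A refused message is at
 * worst a denial of service, not memory corruption. */
bool checked_alloc_size(const struct msg_hdr *h, size_t *out)
{
    uint32_t total;
    if (__builtin_add_overflow(h->original_size, h->offset, &total))
        return false;  /* caught: reject rather than under-allocate */
    *out = total;
    return true;
}

/* Where modular arithmetic is intended (e.g. a rolling checksum), spell it
 * out: widen, add, reduce. Nothing here overflows, so a build with Clang's
 * -fsanitize=unsigned-integer-overflow flags only the unchecked function
 * above, and the intentional wrap stays silent and easy to review. */
uint32_t wrapping_add_u32(uint32_t a, uint32_t b)
{
    return (uint32_t)(((uint64_t)a + (uint64_t)b) & 0xFFFFFFFFu);
}

int main(void)
{
    struct msg_hdr hostile = { .original_size = 0xFFFFFFF0u, .offset = 0x20u };
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_alloc_size(&hostile));
    printf("checked: %s\n", checked_alloc_size(&hostile, &n) ? "accepted" : "rejected");
    printf("intentional wrap: %u\n", (unsigned)wrapping_add_u32(0xFFFFFFFFu, 2u));
    return 0;
}
```

With the hostile header the unchecked sum collapses to 16 bytes while the checked version rejects the message outright.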
Languages, libraries and other tools need to account for human error. Programmers are going to make mistakes and the tooling needs to be designed to help them avoid errors, to reduce the impact and detect mistakes that slip through. Code review is not going to catch everything.