Conversation

1) it’s impressive this was done before the patch was even out — proving again that silent fixes can easily be discovered 2) bugs like these (integer overflows!!), in one of the most exposed kernel drivers out there, continue to make me doubt how much code review/analysis happens

Quote Tweet

Synacktiv

@Synacktiv

Mar 12, 2020

Since MSRC just published a fix for CVE-2020-0796, here's @_lucas_georges_ quick and dirty root cause analysis on it: synacktiv.com/posts/exploit/ #sambadijaneiro

114

This Tweet was deleted by the Tweet author. Learn more

Alexander Riccio #covidco2

Replying to

and

Safeint/intsafe.h I hear are pretty good?

Replying to

and

The issue is not a lack of good ways to perform overflow checks. Integer arithmetic is everywhere and unchecked overflow is the default in C and C++. Realistically, developers are not going to carefully check and document why each unchecked arithmetic operation cannot overflow.

Alexander Riccio #covidco2

Replying to

and

Oh I agree, but it's not nearly as hard to require programmers use checked math around allocation functions

Replying to

and

The issue is that's essentially saying that the solution to developers making mistakes is for the developers not to make the mistakes. If they had realized an overflow could occur, they'd have added a check. Performing the checks via reusable functions is just common sense.

8:33 PM · Mar 13, 2020Twitter Web App

Alexander Riccio #covidco2

Replying to

and

I also agree in general here. The declspec guard overflow is nice, but it should be easy for the compiler to detect if the programmer inserted an overflow check and emit a warning. MSVC should be in particularly good shape because of SAL.