Reportedly @musllibc works with ubsan & -fsanitize-undefined-trap-on-error, and it successfully catches/blocks CVE-2015-1817 in old vers.
-
-
@RichFelker@musllibc If you wanted to go above and beyond you could make it compatible with -fsanitize=unsigned-integer-overflow too. -
@CopperheadSec Unsigned is used as modular arithmetic all over@musllibc, especially unsigned range checks. -
@RichFelker@musllibc Could use the if (mul_overflow(a, b, &result)) { ... } pattern with the intrinsics under the hood though. -
@CopperheadSec Just write if (a>TYPE_MAX/b) ...; it's the compiler's job to recognize that pattern and optimize out the division. -
@CopperheadSec GCC does not do this yet but I've discussed it with some developers; firm devs are also interested.https://twitter.com/RichFelker/status/669274939661381632 … - 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.