Reportedly @musllibc works with ubsan & -fsanitize-undefined-trap-on-error, and it successfully catches/blocks CVE-2015-1817 in old vers.
Replying to @RichFelker
I'll probably add a configure option to enable ubsan w/right options in future
@musllibc releases; distros can use it for hardening.
Replying to @RichFelker
@RichFelker @musllibc If you wanted to go above and beyond you could make it compatible with -fsanitize=unsigned-integer-overflow too.
Replying to @CopperheadOS
@CopperheadSec Unsigned is used as modular arithmetic all over @musllibc, especially unsigned range checks.
Replying to @RichFelker
@RichFelker @musllibc Could use the if (mul_overflow(a, b, &result)) { ... } pattern with the intrinsics under the hood though.
Replying to @CopperheadOS
@CopperheadSec Just write if (a>TYPE_MAX/b) ...; it's the compiler's job to recognize that pattern and optimize out the division.
Rich Felker Retweeted Rich Felker
@CopperheadSec GCC does not do this yet but I've discussed it with some developers; firm devs are also interested. https://twitter.com/RichFelker/status/669274939661381632 …
Rich Felker added,
Replying to @RichFelker
@RichFelker By the same reasoning, “if (l) memcpy(p, q, l);” HAD BETTER BE compiled to just a call to memcpy.
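
The two multiplication-overflow checks discussed in this thread, next to an unsigned range check that relies on modular arithmetic, as an added C example that is not part of the thread and not musl code. The function names are hypothetical, TYPE is taken to be size_t, and `__builtin_mul_overflow` (GCC/Clang) is assumed to be the intrinsic meant.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Division-based check, the "a > TYPE_MAX/b" form with TYPE = size_t.
 * Returns true on overflow and leaves *out untouched; otherwise stores
 * a*b in *out. The b != 0 guard avoids dividing by zero. */
static bool mul_overflow_div(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return true;
    *out = a * b;
    return false;
}

/* Same return contract via the compiler builtin. Unlike the version
 * above, it stores the wrapped product in *out even on overflow. */
static bool mul_overflow_builtin(size_t a, size_t b, size_t *out)
{
    return __builtin_mul_overflow(a, b, out);
}

/* Unsigned range check that depends on wraparound: when c < lo,
 * c - lo wraps to a huge value, so one comparison covers both bounds.
 * The wrap is well defined in C, yet it is exactly what Clang's
 * -fsanitize=unsigned-integer-overflow reports. Requires lo <= hi. */
static bool in_range(unsigned c, unsigned lo, unsigned hi)
{
    return c - lo <= hi - lo;
}

int main(void)
{
    size_t r = 0;
    size_t big = SIZE_MAX / 2 + 1;   /* big * 2 does not fit in size_t */

    printf("div check:     overflow=%d\n", mul_overflow_div(big, 2, &r));
    printf("builtin check: overflow=%d\n", mul_overflow_builtin(big, 2, &r));
    printf("6*7 overflow=%d", mul_overflow_div(6, 7, &r));
    printf(" result=%zu\n", r);
    printf("'/' is digit: %d, '5' is digit: %d\n",
           in_range('/', '0', '9'), in_range('5', '0', '9'));
    return 0;
}
```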