Here's one for the #langsec crowd. CloudFlare used a parser generator named Ragel, they didn't parse manually.
Bug was in generated code.
-
-
Replying to @andreasdotorg
@daveaitel my understanding is the bug was something they wrote and was dutifully translated.1 reply 0 retweets 1 like
Replying to @0xcharlie @daveaitel
It was something like "skip this token" in Ragelese. Documented you shouldn't do that, but why no bounds checks?
7:59 AM - 24 Feb 2017
0 replies
0 retweets
3 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.