i told you about how macOS's hardware video decode driver used to allocate vmem for frames without zeroing it, right?
Replying to @11rcombs
I'd say "nice", but really, this is the kind of crap I expect in, like, every proprietary GPU driver for everything. Performance!!!!!ʷʰᵃᵗ ᶦˢ ᵗʰᵃᵗ ˢᵉᶜᵘʳᶦᵗʸ ᵗʰᶦⁿᵍ ʸᵒᵘ ˢᵃʸ?
1 reply 0 retweets 1 like
Replying to @marcan42
i mean, when i reported it they fixed it pretty quickly, i think they just didn't realize that the decoder might not fill in the entire image. you could get that to happen with some corrupted streams, but my favorite trick was just having the stream res < the container res
2 replies 0 retweets 1 like
Replying to @11rcombs
I once did, in fact, trace down cross-security domain unwritten sector leakage (that actually made it through *without* deliberate malicious recovery efforts and broke things) at a certain WebCo that liked to turn off ext3 journaling. My final diagnosis was working as designed...
1 reply 0 retweets 2 likes
Kind of proud of that one though, TL assigned the bug (about bad data way downstream) to me saying "marcan is good at figuring weird stuff out" and I postmortem traced it to a machine that kernel panicked and worked out exactly what data came from where and how.
1 reply 0 retweets 2 likes
Replying to @marcan42
"is good at figuring weird stuff out" is definitely a label i'm proud to have people apply to me
2 replies 0 retweets 1 like
while we're on "figuring weird stuff out", fun facts:
- macOS's getifaddrs() is not guaranteed to return a full sockaddr for ifa_netmask; instead you can get a variable-length structure with a 0 sa_family and short sa_len, with the remaining address bytes implied to be 0
2 replies 0 retweets 0 likes
(apple says this is by design)
- there's a macOS kernel bug that results in waitpid() waking on signals whose handlers are set to SIG_IGN (spec says it shouldn't), but only if the process is under trace by a debugger or the like
1 reply 0 retweets 0 likes
- a related bug results in the kernel returning whatever the lowest set bit in the passed mask was, regardless of which signal actually woke it, if the process is under a debugger and is signaled with something that has the SA_RESTART flag
1 reply 0 retweets 1 like
- if SA_RESTART isn't set, when under debugger, the kernel can wake prematurely and set errno to EINTR; the libc explicitly catches this case and returns 0(?!?!?!?!) https://github.com/apple/darwin-libpthread/blob/03c4628c8940cca6fd6a82957f683af804f62e7f/src/pthread_cancelable.c#L556 …
1 reply 0 retweets 1 like
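The getifaddrs() netmask quirk above, as an added example that is not code from the thread: a consumer that copies sizeof(struct sockaddr_in) bytes out of ifa_netmask over-reads the short form, so the safe reading honours sa_len and zero-fills the rest. The struct is an assumed mirror of the BSD layout (without sin_zero) so the example also builds on Linux, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local mirror of the BSD/macOS struct sockaddr_in prefix (sin_len,
 * sin_family, sin_port, sin_addr); defined here so the example compiles
 * on Linux too, whose struct sockaddr has no sa_len field. */
struct bsd_sockaddr_in {
    uint8_t  sin_len;
    uint8_t  sin_family;
    uint16_t sin_port;
    uint8_t  sin_addr[4];
};
#define BSD_AF_INET 2   /* AF_INET value on macOS */

/* Rebuild a full IPv4 netmask from the possibly short sockaddr that macOS
 * getifaddrs() returns in ifa_netmask: read only sa_len bytes, zero-fill
 * the rest (the bytes "implied to be 0"), and force the family to AF_INET
 * since the short form carries 0 there. Returns -1 if sa_len claims more
 * bytes than the source buffer holds, i.e. when a copy would over-read. */
int normalize_ipv4_netmask(const uint8_t *raw, size_t raw_len,
                           struct bsd_sockaddr_in *out)
{
    if (raw_len < 1 || raw[0] > raw_len)
        return -1;
    memset(out, 0, sizeof *out);
    size_t n = raw[0] < sizeof *out ? raw[0] : sizeof *out;
    memcpy(out, raw, n);             /* copy only what is really present */
    out->sin_len = sizeof *out;
    out->sin_family = BSD_AF_INET;
    return 0;
}

/* Prefix length of a contiguous mask, or -1 if the mask is not contiguous. */
int netmask_prefix_len(const struct bsd_sockaddr_in *m)
{
    uint32_t v = ((uint32_t)m->sin_addr[0] << 24) | ((uint32_t)m->sin_addr[1] << 16)
               | ((uint32_t)m->sin_addr[2] << 8)  |  (uint32_t)m->sin_addr[3];
    int bits = 0;
    while (bits < 32 && (v & 0x80000000u)) { v <<= 1; bits++; }
    return v == 0 ? bits : -1;
}

int main(void)
{
    /* Constructed short form: sa_len 6, sa_family 0, two port bytes, then
     * only the first two octets of 255.255.0.0. */
    const uint8_t short_mask[6] = { 6, 0, 0, 0, 0xff, 0xff };
    struct bsd_sockaddr_in m;
    if (normalize_ipv4_netmask(short_mask, sizeof short_mask, &m) == 0)
        printf("/%d\n", netmask_prefix_len(&m));   /* prints /16 */
    return 0;
}
```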