Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-12 Thread Jeff Law
On 07/12/2016 02:48 AM, Maxim Ostapenko wrote: void foo (unsigned len) { ... void *p = malloc (len); } void bar () { ... unsigned len = a + b; foo (len); } Inlining & lto can help here as could a symbolic execution engine. This is precisely t

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-12 Thread Yuri Gribov
Cc John. On Tue, Jul 12, 2016 at 10:49 AM, Maxim Ostapenko wrote: > On 12/07/16 12:20, Yuri Gribov wrote: >> >> On Tue, Jul 12, 2016 at 9:48 AM, Maxim Ostapenko >> wrote: >>> >>> On 11/07/16 19:28, Jeff Law wrote: On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: > > On 11/07/16 1

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-12 Thread Maxim Ostapenko
On 12/07/16 12:20, Yuri Gribov wrote: On Tue, Jul 12, 2016 at 9:48 AM, Maxim Ostapenko wrote: On 11/07/16 19:28, Jeff Law wrote: On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: On 11/07/16 18:05, Jakub Jelinek wrote: On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: CC'ing Jak

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-12 Thread Yuri Gribov
On Tue, Jul 12, 2016 at 10:34 AM, Jakub Jelinek wrote: > On Tue, Jul 12, 2016 at 10:20:55AM +0100, Yuri Gribov wrote: >> There are people who would tolerate FPs if the tool indeed helps to >> find vulnerabilities. Especially if there is an easy way to suppress >> checks in a set of functions/files that

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-12 Thread Jakub Jelinek
On Tue, Jul 12, 2016 at 10:20:55AM +0100, Yuri Gribov wrote: > There are people who would tolerate FPs if the tool indeed helps to > find vulnerabilities. Especially if there is an easy way to suppress > checks in a set of functions/files that intentionally rely on unsigned But what is the easy way to s

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-12 Thread Yuri Gribov
On Tue, Jul 12, 2016 at 9:48 AM, Maxim Ostapenko wrote: > On 11/07/16 19:28, Jeff Law wrote: >> >> On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: >>> >>> On 11/07/16 18:05, Jakub Jelinek wrote: On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: > > CC'ing Jakub, Mar

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-12 Thread Maxim Ostapenko
On 11/07/16 19:28, Jeff Law wrote: On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: On 11/07/16 18:05, Jakub Jelinek wrote: On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: CC'ing Jakub, Marek and Kostya, sanitizer maintainers in GCC. Jakub, thanks for your summary. I'm not c

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-11 Thread Jeff Law
On 07/11/2016 10:08 AM, Maxim Ostapenko wrote: On 11/07/16 18:05, Jakub Jelinek wrote: On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: CC'ing Jakub, Marek and Kostya, sanitizer maintainers in GCC. Jakub, thanks for your summary. I'm not convinced it is a good idea, that is

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-11 Thread Maxim Ostapenko
On 11/07/16 18:05, Jakub Jelinek wrote: On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: CC'ing Jakub, Marek and Kostya, sanitizer maintainers in GCC. Jakub, thanks for your summary. I'm not convinced it is a good idea, that is why we've intentionally left it out when adding

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-11 Thread Jakub Jelinek
On Tue, Jul 05, 2016 at 10:31:31AM +0300, Maxim Ostapenko wrote: > CC'ing Jakub, Marek and Kostya, sanitizer maintainers in GCC. I'm not convinced it is a good idea, that is why we've intentionally left it out when adding UBSan support, IMHO such an option defines substantially different languages

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-05 Thread Maxim Ostapenko
CC'ing Jakub, Marek and Kostya, sanitizer maintainers in GCC. On 04/07/16 14:12, Maxim Ostapenko wrote: Hi! Although in languages like C and C++ unsigned integer overflow reliably wraps around and is well defined, sometimes it may indicate an error in code and lead to undesirable consequences an

Re: [RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-04 Thread Marc Glisse
On Mon, 4 Jul 2016, Maxim Ostapenko wrote: Is the community interested in such a tool? On the one hand, it is clearly useful since you found bugs thanks to it. On the other hand: 1) I hope we never reach the situation caused by Microsoft's infamous warning C4146 (which is even an error if you en

[RFC][Draft patch] Introduce IntegerSanitizer in GCC.

2016-07-04 Thread Maxim Ostapenko
Hi! Although in languages like C and C++ unsigned integer overflow reliably wraps around and is well defined, sometimes it may indicate an error in code and lead to undesirable consequences and even security vulnerabilities (https://android-developers.blogspot.ru/2016/05/hardening-media-stack.ht