@a13xp0p0v
I wrote a post: "Case study: Searching for a vulnerability pattern in the Linux kernel".
It's a funny story about #syzkaller, @Semmle @LGTM, Coccinelle and a "public 0day".
a13xp0p0v.github.io/2019/08/10/cfu…
LGTM
@LGTM
Aug 12

Kees Cook
@kees_cook
Aug 12
I double-checked and I was surprised to see that Coverity didn't see this issue. As @tehjh pointed out, sparse has been warning about it for a while since it's an argument type violation (but with a constructed type). I wonder if we could trick gcc or clang into seeing it too.
Dmitry Vyukov
@dvyukov
Aug 14
2 things go to my "kernel dev process peculiarities" collection:
- another case of lost patch
- "sparse pointing to a bug" does not mean anything: not on anybody's radar, fix is still lost, not sparse warning that allowed to recover the fix
Baptiste Devigne
@Geluchat
Aug 11
Amazing post, thank you!
LGTM
@LGTM
Aug 12
Just for clarification, LGTM Enterprise does not have a limit for build times. Typical customer deployments build much faster with infrastructure scaled to meet their needs.