Alexander Popov
I wrote a post: "Case study: Searching for a vulnerability pattern in the Linux kernel". It's a funny story about , , Coccinelle and a "public 0day".
This short article describes the investigation of one funny Linux kernel vulnerability and my experience with Semmle QL and Coccinelle, which I used to search for similar bugs.
LGTM Aug 12
Replying to @a13xp0p0v @Semmle
Thanks for using QL for variant analysis. Since is free for OSS, we set a 4hr limit to ensure resources are avail to all teams. We are thinking of ways to get larger projects on . Let us know what you’d like to see analyzed
Kees Cook Aug 12
Replying to @a13xp0p0v @Semmle and 2 others
I double-checked and I was surprised to see that Coverity didn't see this issue. As pointed out, sparse has been warning about it for a while since it's an argument type violation (but with a constructed type). I wonder if we could trick gcc or clang into seeing it too.
Dmitry Vyukov Aug 14
Replying to @kees_cook @a13xp0p0v and 3 others
2 things go to my "kernel dev process peculiarities" collection:
- another case of lost patch
- "sparse pointing to a bug" does not mean anything: not on anybody's radar, fix is still lost, not sparse warning that allowed to recover the fix
Baptiste Devigne Aug 11
Replying to @a13xp0p0v @Semmle @LGTM
Amazing post, thank you!
LGTM Aug 12
Replying to @a13xp0p0v @Semmle
Just for clarification, LGTM Enterprise does not have a limit for build times. Typical customer deployments build much faster with infrastructure scaled to meet their needs.