Trap representations and padding bits

The effects of padding and trap representations in C
The C programming language does not hide from you how the values you manipulate are represented. One consequence is that when padding happens, its presence may have observable effects in carelessly crafted programs. Padding is well-known to appear between members of a struct, […]
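An added example, not code from the original post, of the observable effect the excerpt alludes to: two structs whose members are equal compare unequal under memcmp because their padding bytes differ. The struct layout, the 0x00/0xFF fill values and the function names are constructed for this demonstration; how many padding bytes the struct actually has is whatever the target ABI decides, and the code reports that rather than assuming it.

```c
/* Added example (not from the original post): how struct padding makes a
 * byte-wise memcmp of two structs disagree with a member-wise comparison.
 * The struct layout and the 0x00/0xFF fill values are constructed for the
 * demonstration; the amount of padding is whatever the target ABI gives. */
#include <stddef.h>
#include <string.h>

struct pair {
    char c;   /* on most ABIs followed by padding so that i is aligned */
    int  i;
};

/* Number of padding bytes in struct pair on this implementation. */
size_t pair_padding_bytes(void)
{
    return sizeof(struct pair) - sizeof(char) - sizeof(int);
}

/* Build the object representation of a struct pair from a fill byte:
 * every byte starts as `fill`, the members are then written in place, so
 * the padding bytes keep the fill value.  Copying the whole raw buffer
 * into the struct carries those padding bytes along. */
static void make_pair(struct pair *out, char c, int i, unsigned char fill)
{
    unsigned char raw[sizeof(struct pair)];
    memset(raw, fill, sizeof raw);
    memcpy(raw + offsetof(struct pair, c), &c, sizeof c);
    memcpy(raw + offsetof(struct pair, i), &i, sizeof i);
    memcpy(out, raw, sizeof raw);
}

/* Member-wise comparison: the only comparison the language defines. */
int pair_equal_memberwise(const struct pair *a, const struct pair *b)
{
    return a->c == b->c && a->i == b->i;
}

/* Byte-wise comparison: also looks at padding, which carries no value. */
int pair_equal_bytewise(const struct pair *a, const struct pair *b)
{
    return memcmp(a, b, sizeof *a) == 0;
}

/* Two structs with identical member values but different padding bytes.
 * Returns 1 if memcmp reports them as different although every member is
 * equal, 0 otherwise (which is what happens when there is no padding). */
int padding_confuses_memcmp(void)
{
    struct pair a, b;
    make_pair(&a, 'x', 42, 0x00);
    make_pair(&b, 'x', 42, 0xFF);
    return pair_equal_memberwise(&a, &b) && !pair_equal_bytewise(&a, &b);
}
```

The practical rule this illustrates: never use memcmp (or a hash of the raw bytes) as an equality test for a struct unless you have explicitly zeroed the whole object before filling its members, and even then the standard only promises that assigning to a member leaves padding with unspecified values.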

A non-exhaustive list of ways C compilers break for objects larger than PTRDIFF_MAX bytes

Pointer subtraction resulting in overflow, undefined behaviors, and more
Introduction
One well-documented way in which a program may break in presence of objects of more than PTRDIFF_MAX bytes is by doing a pointer subtraction that results in an overflow:

    #include <stdio.h>
    #include <stdlib.h>
    int main(void) {
      char *p = malloc(0x81000000);
      if […]
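The excerpt's allocation of 0x81000000 bytes only exceeds PTRDIFF_MAX on a 32-bit target. An added example, not code from the original post, of the guard a practitioner wants regardless of word size: an allocation wrapper that refuses any object of more than PTRDIFF_MAX bytes, so that the subtraction of any two pointers into the same object is representable. The names bounded_malloc and diff_round_trips are chosen for this example.

```c
/* Added example (not from the original post): refuse to create objects
 * larger than PTRDIFF_MAX bytes, so that the difference between any two
 * pointers into the same object is representable as a ptrdiff_t.
 * bounded_malloc and diff_round_trips are names chosen for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Allocate n bytes, but only if every pointer subtraction inside the
 * resulting object is guaranteed to stay within ptrdiff_t.  On a 32-bit
 * target this rejects the 0x81000000-byte request from the excerpt. */
void *bounded_malloc(size_t n)
{
    if (n > (size_t)PTRDIFF_MAX)   /* p_end - p_begin could overflow */
        return NULL;
    return malloc(n);
}

/* Allocate n bytes and check that (p + n) - p gives back n, which the
 * guard above makes well defined.  Returns 1 on success, 0 otherwise. */
int diff_round_trips(size_t n)
{
    char *p = bounded_malloc(n);
    if (p == NULL)
        return 0;
    char *end = p + n;            /* one past the end: still a valid pointer */
    ptrdiff_t d = end - p;        /* defined because n <= PTRDIFF_MAX */
    int ok = d >= 0 && (size_t)d == n;
    free(p);
    return ok;
}
```

Recent versions of glibc's malloc apply the same PTRDIFF_MAX limit internally; a program that must also run on other allocators, or that carves large objects out of mmap or a custom arena, needs the check in its own code.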

Out-of-bounds pointers: a common pattern and how to avoid it

Recent evolutions of TrustInSoft Interpreter
A quick tis-interpreter update
At long last, tis-interpreter was released as open-source last month. It is somewhat difficult to install, and as a remedy I will regularly prepare binary snapshots for Linux (and maybe OpenBSD, OS X). At the time of this writing, the first publicly available […]

Fiddly buffer overrun in OpenSSL

TrustInSoft reported bugs in OpenSSL
John’s blog is hosting a post, co-authored by me, about one of the more entertaining “bugs” reported by TrustInSoft in OpenSSL. In this case the behavior was intended, and looked like a good idea when the code was originally written. I see this anecdote as a […]

memcmp requires pointers to fully valid buffers

Using TIS-Interpreter on open-source libraries
A suspicious pattern in open-source software
One bug recently found by John using tis-interpreter on a widely used open-source library involved the comparison of strings with memcmp. The unexpected condition was that memcmp was, in one case, called with a pointer to a buffer shorter than the […]
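An added example, not the library's code and not the specific bug the excerpt refers to, of the general pattern: memcmp(a, b, n) reads n bytes through both pointers, so the length passed must be bounded by the shorter buffer, not by the longer one. The tag-matching shape, the sample inputs and the names has_tag_unsafe, has_tag and has_tag_str are constructed for this example.

```c
/* Added example (not the library's code): memcmp(a, b, n) reads n bytes
 * from both pointers, so the caller must prove both buffers are at least
 * n bytes long.  The constructed pattern below compares an input against
 * a fixed tag; has_tag_unsafe is the suspicious shape, has_tag and
 * has_tag_str the fixed ones.  All names are chosen for this example. */
#include <stddef.h>
#include <string.h>

/* Shape of the bug: the length handed to memcmp comes from the tag, not
 * from the input, so an input shorter than the tag makes memcmp read past
 * its end (undefined behavior, and a real over-read on any input that
 * sits at the end of a page or a heap chunk).  Kept only for contrast;
 * nothing here calls it. */
int has_tag_unsafe(const char *input, const char *tag)
{
    return memcmp(input, tag, strlen(tag)) == 0; /* reads strlen(tag) bytes of input */
}

/* Fixed: the caller states how long the input is, and the comparison is
 * only performed once the input is known to hold at least tag_len bytes.
 * This form also works for binary input that is not NUL-terminated. */
int has_tag(const char *input, size_t input_len, const char *tag, size_t tag_len)
{
    if (input_len < tag_len)
        return 0;
    return memcmp(input, tag, tag_len) == 0;
}

/* Convenience wrapper for NUL-terminated strings.  strncmp would also be
 * acceptable here, because it stops at the first NUL, but that only holds
 * for strings: strncmp is not a safe drop-in for memcmp on raw buffers. */
int has_tag_str(const char *input, const char *tag)
{
    return has_tag(input, strlen(input), tag, strlen(tag));
}
```

A review heuristic that catches this pattern: for every memcmp call, the third argument should be derivable from a length that is known for both pointers; if it is derived from a constant or from only one of the two buffers, ask where the other buffer's length is checked.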

The libc cross-testing project

Cross-testing libc and bugs found
Cross testing libc
While discussing with a number of other people, the idea arose of differential testing of libc implementations. There are many of these (musl libc is my favorite; the implementation of the libc is one of the points on which the *BSD Unices differ, […]

Compile-time consistency checks for types in C

Walkthrough of a compile-time consistency check for types in C language
Compile-time consistency checks
Say that in existing source code, you happened upon the construct below:

    #define CHECKED_TYPE(original_type, p) ((conversion_type*) (1 ? p : (original_type*) 0))

What might the purpose of this strange construct be? At run-time, the inner conditional expression always […]
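An added example, not code from the original post, that puts the construct to work so its effect can be seen in a compilable program. The macro in the excerpt converts to a fixed conversion_type; the version below, named BYTES_OF for this example, uses unsigned char * as that target, and the packet struct, the checksum and the sample values are constructed here.

```c
/* Added example (not from the original post): the conditional-expression
 * trick as a compile-time type check.  BYTES_OF is a name chosen here; it
 * converts a pointer to unsigned char * for byte-wise processing, but only
 * compiles cleanly when p really is a pointer to the stated type. */
#include <stddef.h>

/* `1 ? (p) : (T *)0` always yields p at run time, but the compiler still
 * has to unify the types of the two branches: if p is not compatible with
 * T *, it diagnoses a pointer type mismatch in the conditional expression
 * (a warning on most compilers, an error under -Werror).  The result has
 * type T *, which the outer cast then turns into unsigned char *.  A bare
 * (unsigned char *) cast would accept any pointer silently.
 *
 * Two caveats: (T *)0 is only a null pointer *constant* when T is void, so
 * BYTES_OF(void, p) checks nothing; and if p itself has type void *, the
 * conditional is well-formed with result type void *, so a void * argument
 * also slips through.  The check is for mistakes between object types. */
#define BYTES_OF(T, p) ((unsigned char *)(1 ? (p) : (T *)0))

/* All-char members, so the object representation has no padding and a
 * byte-wise checksum is meaningful. */
struct packet {
    unsigned char len;
    unsigned char payload[7];
};

/* Plain byte sum; used only to have something to run over the bytes. */
unsigned sum_bytes(const unsigned char *b, size_t n)
{
    unsigned s = 0;
    for (size_t i = 0; i < n; i++)
        s += b[i];
    return s;
}

/* Checksum of a packet's bytes.  BYTES_OF ties the byte pointer to the
 * struct type: passing, say, a `struct other *` here would produce a
 * diagnostic at this line, whereas a plain cast would compile without
 * complaint and checksum the wrong object. */
unsigned packet_checksum(struct packet *pk)
{
    return sum_bytes(BYTES_OF(struct packet, pk), sizeof *pk);
}

/* The same macro works for any object type: an int array decays to int *,
 * which is compatible with the (int *)0 branch. */
unsigned int_array_checksum(int *values, size_t count)
{
    return sum_bytes(BYTES_OF(int, values), count * sizeof *values);
}
```

To see the check fire, change the argument of BYTES_OF in packet_checksum to `(void *)pk` cast to some unrelated struct pointer: the conditional expression then has incompatible pointer operands and the compiler reports it at that line, which is exactly the behavior the construct in the excerpt is designed to provoke.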

The sociology of open-source security fixes, continued

Project tin-AES128-C, security bugs in open source software
Why a second anecdote about security bugs in open-source software
In a previous episode, having just reported a vulnerability in the open-source, connected program cpuminer, I uselessly worried about what to do. In fact, there was no urgency and no responsibility, as the vulnerability […]

When in doubt, express intent, and leave the rest to the compiler

Expressing intent in your C language code
Expressing intent, illustrated on an example
I sometimes get asked what stylistic choices a C developer could make that would help their code work well with static analysis or formal verification. I usually do not have a good answer—the reader of this blog or […]

Handling security bugs is not the Open-Source community’s strong point

A short story detailing the inefficiency of taking care of security bugs
A funny story
Here is a funny story. Earlier this century, I moved into an apartment with electrical heating, so that during Winter, electricity is free(*) while I am home. Over the course of several years, I helped simulate proteins […]