49 pages link to this URL
Why Not Rust?

I've recently read an article criticizing Rust, and, while it made a bunch of good points, I didn't enjoy it --- it was an easy-to-argue-with piece. In general, I feel that I can't recommend an article criticizing Rust. This is a shame --- confronting drawbacks is important, and debunking low-effort/misinformed attempts at critique sadly inoculates against actually good arguments.

Leveraging Your Toolchain to Improve Security - Embedded Artistry

20 September 2023 by Phillip Johnston • Last updated 28 September 2023

Your toolchain is a useful place to start when incorporating security into your development process. There are several warnings and program augmentations that help harden your application. This article focuses on GCC and Clang, as that’s what I primarily use. I’m happy to take …

0 inbound links article en Uncategorized clang gcc Security
Introducing Ruzzy, a coverage-guided Ruby fuzzer

Trail of Bits is excited to introduce Ruzzy, a coverage-guided fuzzer for pure Ruby code and Ruby C extensions. Fuzzing helps find bugs in software that processes untrusted input. In pure Ruby, these bugs may result in unexpected exceptions that could lead to denial of service, and in Ruby C extensions, they […]

3 inbound links article en application-security fuzzing tool-release
Trezor One dry-run recovery vulnerability

In the first half of 2018, I found a number of security issues in the Trezor One hardware wallet during my master's thesis on fuzzing and verification. Most of the issues were discovered through the powerful combination of fuzzing with libFuzzer and error detection via sanitizers such as Address Sanitizer and Undefined Behavior Sanitizer.

2 inbound links article en
Checkmate, undefined behavior

Undefined behavior is the bane of C and C++ programmers. The compiler can choose to do whatever it wants if a program has undefined behavior. This is normally not a good thing, but I recently wrote some code with undefined behavior and amazingly the compiler chose to do exactly what I had intended, not what I told it to do.

0 inbound links article en
Can sanitizers find the two bugs I wrote in C++?

A few days ago I published a short post about two bugs I wrote while developing the C++ external scanner for my TLA⁺ tree-sitter grammar. Reactions were mixed! Many people were supportive, but there were of course the usual drive-by claims by developers that the bugs were trivial, they would’ve found & fixed them inside of 20 minutes, and I was laughably incompetent for having written them in the first place. Maybe so! I’m a fan of formal methods primarily so I don’t have to be a genius to write correct code. In that same vein of building tools to save us from ourselves, one user suggested building the tree-sitter grammar with the LLVM address & undefined behavior sanitizers enabled. I’d used valgrind a long time ago but had never played around with sanitizers. I was also doing some closely-associated work to build the grammar for fuzzing with LLVM’s libFuzzer, so it seemed a fun detour to check whether those sanitizers would have saved me days of debugging pain!

0 inbound links website en programming
Danger, Will Robinson!

I’ve recently been dipping my toes in the very deep water that is “undefined behavior” in C and C++, and the more I learn about it, the scarier it …

0 inbound links en linux c c++ ub undefined behavior ubsan CC BY-NC-ND 4.0
Compiler Options Hardening Guide for C and C++

This is a list of materials (documents, services, and so on) released by the Open Source Security Foundation (OpenSSF) Best Practices Working Group (WG).

7 inbound links website en