GNU social JP
GNU social JP is a GNU social server in Japan.
Conversation

    Kees Cook :tux: (kees@fosstodon.org)'s status on Sunday, 03-Nov-2024 07:59:23 JST

    It's nice that an LLM found a bug, but it's also trivially mitigated with the bounds safety sanitizer with virtually no overhead. Your regular reminder to build all production C projects with "-fsanitize=bounds -fsanitize-trap"

    int aIdx[7]; // compiler knows the size of this array
    ...
    int iCol; // if this should not be negative, why is this "int"?
    ...
    aIdx[iCol] = i; // build with bound checking!

    https://infosec.exchange/@ifsecure/113408455787473153

    In conversation about 8 months ago from fosstodon.org
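Added example, not part of this thread and not the code the post quotes: a self-contained C program with the same shape (a fixed-size array indexed by a signed int), beside a hardened variant that takes an unsigned index and checks it explicitly. The function names and the N_IDX constant are my own; the build flags are the ones the post names. Build with "-fsanitize=bounds -fsanitize-trap" and run it with an out-of-range argument to see the unchecked store trap instead of silently corrupting memory; without those flags the same store is plain undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Example build (flags as in the post):
 *   cc -O2 -fsanitize=bounds -fsanitize-trap demo.c -o demo
 *   ./demo 3    # in range: stores fine
 *   ./demo -1   # out of range: trap (SIGILL) at the indexing line
 */

#define N_IDX 7 /* constructed size; any fixed-size array behaves the same */

/* The pattern quoted in the post: a fixed-size array indexed by a signed int.
 * With -fsanitize=bounds the compiler knows the array has N_IDX elements and
 * instruments every aIdx[iCol]; with -fsanitize-trap a failing check becomes
 * a trap instruction instead of a diagnostic. */
static int aIdx[N_IDX];

/* Unchecked store: only correct for 0 <= iCol < N_IDX. Any other value is
 * undefined behaviour, which the sanitizer turns into a trap. Kept here so the
 * reader can trigger the instrumented check on purpose. */
static void store_unchecked(int iCol, int i)
{
    aIdx[iCol] = i;
}

/* Hardened form: the index is unsigned, so a negative value cannot even be
 * expressed (a caller passing -1 gets SIZE_MAX, which the check rejects), and
 * the bound is enforced in source rather than left to the sanitizer.
 * Returns false instead of writing when the index is out of range. */
static bool store_checked(size_t iCol, int i)
{
    if (iCol >= N_IDX)
        return false;
    aIdx[iCol] = i;
    return true;
}

/* Matching checked read; writes the element to *out and returns true, or
 * returns false without touching *out when the index is out of range. */
static bool load_checked(size_t iCol, int *out)
{
    if (iCol >= N_IDX)
        return false;
    *out = aIdx[iCol];
    return true;
}

int main(int argc, char **argv)
{
    int v = 0;

    /* The checked path refuses bad indices without any compiler help. */
    printf("store_checked(6)  -> %s\n", store_checked(6, 42) ? "ok" : "rejected");
    printf("store_checked(7)  -> %s\n", store_checked(7, 42) ? "ok" : "rejected");
    printf("store_checked(-1) -> %s\n",
           store_checked((size_t)-1, 42) ? "ok" : "rejected");
    if (load_checked(6, &v))
        printf("load_checked(6)   -> %d\n", v);

    /* The unchecked path mirrors the quoted code; with the sanitizer flags an
     * out-of-range argument traps on the aIdx[iCol] line, with them absent it
     * silently writes past the array. */
    if (argc > 1) {
        int iCol = atoi(argv[1]); /* signed, exactly like the quoted iCol */
        printf("store_unchecked(%d) ...\n", iCol);
        store_unchecked(iCol, 1);
        printf("returned without trapping\n");
    }
    return 0;
}
```

The point of the checked variant is that it does not depend on build flags: the sanitizer catches what the source forgot, but an unsigned index plus an explicit comparison is what removes the bug class in the first place.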
      Rich Felker (dalias@hachyderm.io)'s status on Sunday, 03-Nov-2024 08:01:31 JST
      in reply to

      @kees For every bug they find, they also find 10 false positives and recommend introducing new vulns to "fix" them.

      Not made up, my real experience with someone sending me garbage AI tool generated bug reports.

      In conversation about 8 months ago
      Haelwenn /элвэн/ :triskell: likes this.

GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.