@alanc aah, and I guess that also means it's safe if the compiler optimizes malloc(0) into NULL when the libc doesn't do that, only the other direction would break stuff...
@alanc trying to determine at build time if malloc can return NULL seems kinda unsafe anyway? like, what if the same kind of compiler optimization also applies to the code that uses the macro, or if an update to the libc changes this behavior?
I added code to Linux to help KASAN detect specific types of UAFs more reliably (https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/commit/?h=slab/for-6.12/rcu_barriers&id=b8c8ba73c68bb3c3e9dad22f488b86c540c839f9). It's been in the linux-next integration tree for, I don't know, a month or so maybe (though it's not in the mainline tree yet), and still there are zero hits on LKML of bugs caught where the stack trace involves my detection... It's nice that there apparently aren't a lot of easy-to-find bugs of this type around, but it's also a little disappointing to not immediately get some nice results from my work...
occasional human borrow checker; works at Google Project Zero; personal account; officially an engineer yet spends much of his time just breaking stuff