Notices by Jann Horn (jann@infosec.exchange)

fun Linux fact: because MAP_SHARED|MAP_ANONYMOUS is actually a file-backed mapping under the hood, unmapping part of such a mapping does not discard the data stored in that part:

Wow, __builtin_dump_struct is an amazing clang feature, how did I never hear about this before?

The original version of this feature was introduced back in 2018 (though it was reimplemented since in 2022).

@alanc aah, and I guess that also means it's safe if the compiler optimizes malloc(0) into NULL when the libc doesn't do that, only the other direction would break stuff...

@alanc trying to determine at build time if malloc can return NULL seems kinda unsafe anyway? like, what if the same kind of compiler optimization also applies to the code that uses the macro, or if an update to the libc changes this behavior?

I added code to Linux to help KASAN detect specific types of UAFs more reliably (https://git.kernel.org/pub/scm/linux/kernel/git/vbabka/slab.git/commit/?h=slab/for-6.12/rcu_barriers&id=b8c8ba73c68bb3c3e9dad22f488b86c540c839f9), it's been in the linux-next integration tree for, I don't know, a month or so maybe (though it's not in the mainline tree yet), and still there are zero hits on LKML of bugs caught where the stack trace involves my detection...
It's nice that there apparently aren't a lot of easy-to-find bugs of this type around but it's also a little disappointing to not immediately get some nice results from my work...

@warthog9 what is the issue with gmail? is their SMTP dialog slower than other mail servers' or something like that?