Date: Mon, 13 Jul 2015 07:01:49 -0700 From: Xi Wang <xi.wang@...il.com> To: oss-security@...ts.openwall.com Subject: Re: How serious is undefined behavior? On Mon, Jul 6, 2015 at 9:17 AM, Hanno Böck <hanno@...eck.de> wrote: > However I wonder how practically relevant these issues are and also > how much focus should be given to them. Do people have good examples > where e.g. an invalid shift operation caused a real, severe security > issue? One interesting case with shift (not necessarily a security issue) was: http://blog.regehr.org/archives/767 You may also find more examples in the two papers: http://pdos.csail.mit.edu/papers/ub:apsys12.pdf http://pdos.csail.mit.edu/papers/stack:sosp13.pdf
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ