Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 13 Jul 2015 07:01:49 -0700
From: Xi Wang <xi.wang@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: How serious is undefined behavior?

On Mon, Jul 6, 2015 at 9:17 AM, Hanno Böck <hanno@...eck.de> wrote:
> However I wonder how practically relevant these issues are and also
> how much focus should be given to them. Do people have good examples
> where e.g. an invalid shift operation caused a real, severe security
> issue?

One interesting case with shift (not necessarily a security issue) was:

http://blog.regehr.org/archives/767

You may also find more examples in the two papers:

http://pdos.csail.mit.edu/papers/ub:apsys12.pdf

http://pdos.csail.mit.edu/papers/stack:sosp13.pdf

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ