Frama-C Typing man recv on my system, I get: ssize_t recv(int socket, void *buffer, size_t length, int flags); The man page contains this additional bit of specification: “These calls return the number of bytes received, or -1 if an error occurred.” The type ssize_t is defined as a signed variant of...
Read MoreI like Robert Graham's analysis on Microsoft's new bug bounty program. I would never have thought of selling vulnerabilities to the NSA (but then I am not American and not a security researcher). Does the NSA not employ qualified people to look for vulnerabilities as their day job? Is that...
Read MoreThe title of this post, “Attack by Compiler”, has been at the back of my mind for several weeks. It started with a comment by jduck on a post earlier this year. The post's topic, the practical undefinedness of reading from uninitialized memory, and jduck's comment, awakened memories from a...
Read MoreIf I told you that when n is a positive power of two and d an arbitrary number, both represented as double, the condition (n - 1) * d + d == n * d in strictly-IEEE-754-implementing C is always true, would you start looking for a counter-example, or start...
Read MoreNearly 15 months ago, according to a past article, this blog celebrated its 15-month anniversary, and celebrated with the announcement of minor milestones having been reached: 100 articles and 50 comments. Fifteen months after that, the current count is nearly 200 articles and 200 comments. Also, the blog managed to...
Read More