Frama-C There has been talk recently amongst my colleagues of Frama-C-wide support for compilation platforms that define FLT_EVAL_METHOD as 2. Remember that this compiler-set value, introduced in C99, means that all floating-point computations in the C program are made with long double precision, even if the type of the expressions they...
Read MoreTyping man recv on my system, I get: ssize_t recv(int socket, void *buffer, size_t length, int flags); The man page contains this additional bit of specification: “These calls return the number of bytes received, or -1 if an error occurred.” The type ssize_t is defined as a signed variant of...
Read MoreI like Robert Graham's analysis on Microsoft's new bug bounty program. I would never have thought of selling vulnerabilities to the NSA (but then I am not American and not a security researcher). Does the NSA not employ qualified people to look for vulnerabilities as their day job? Is that...
Read MoreThe title of this post, “Attack by Compiler”, has been at the back of my mind for several weeks. It started with a comment by jduck on a post earlier this year. The post's topic, the practical undefinedness of reading from uninitialized memory, and jduck's comment, awakened memories from a...
Read MoreIf I told you that when n is a positive power of two and d an arbitrary number, both represented as double, the condition (n - 1) * d + d == n * d in strictly-IEEE-754-implementing C is always true, would you start looking for a counter-example, or start...
Read More