I’m excited to announce the publication of the journal version of “Understanding Integer Overflow in C/C++”, appearing in TOSEM Volume 25 Issue 1. This is an updated and expanded version of our ICSE12 paper of the same name. The longer journal format enabled a more thorough treatment of the subject, and we did our best to take advantage of that opportunity.
Thanks to my co-authors for all their efforts, and especially for seeing this work through to the end. It’s been a long run and you guys are great.
As reported on the binutils bugzilla.
No response yet, but should be easy to fix.
Details follow (same as in bug report but easier to read).
Here’s another integer error found by our research
that occurs in wget 1.14 (latest at time of writing)
This has been reported and fixed upstream, coming soon to a wget near you!
I recently discovered a slew of bugs in curl, which occur in all versions I have access to, including latest release at time of writing (7.32.0) and goes back to at least 7.19.7.
One of the bugs can be used to crash curl or systems using curl via exec (not libcurl), the others cause strange or incorrect behavior.