IOC Journal Edition: Highlights

Mon 12/07/15   15:33  in  integer

I’m excited to announce the publication of the journal version of “Understanding Integer Overflow in C/C++”, appearing in TOSEM Volume 25 Issue 1. This is an updated and expanded version of our ICSE12 paper of the same name. The longer journal format enabled a more thorough treatment of the subject, and we did our best to take advantage of that opportunity.

Thanks to my co-authors for all their efforts, and especially for seeing this work through to the end. It’s been a long run and you guys are great.

Read Full Post

Undefined Behavior in Binutils Causes Segfault

Mon 08/19/13   14:24  in  integer

As reported on the binutils bugzilla.

No response yet, but should be easy to fix.

Details follow (same as in bug report but easier to read).

Read Full Post

Analysis of Integer Error in Latest wget

Mon 08/19/13   14:03  in  integer

Here’s another integer error found by our research that occurs in wget 1.14 (latest at time of writing) in the --version output.

This has been reported and fixed upstream, coming soon to a wget near you!

Read Full Post

Several curl Globbing Bugs Reported, Fixed

Mon 08/19/13   10:00  in  integer

I recently discovered a slew of bugs in curl, which occur in all versions I have access to, including latest release at time of writing (7.32.0) and goes back to at least 7.19.7.

One of the bugs can be used to crash curl or systems using curl via exec (not libcurl), the others cause strange or incorrect behavior.

Read Full Post