Closed chadbrewbaker closed 3 years ago
Looking forward to it!
Ok, I'll take a stab at it. IMHO `void *malloc(size_t size);` is bad mojo. Programmers should be explicit with `void *malloc(uint16/32/64_t size);` so accessors can be at least byte-magnitude typed. Need to noodle on whole-program LLVM for FreeType to bring in the LLVM IR for libpng - also cut code not in that call path to make a corpus to test on.
Tell me if I am insane or if this has a chance at detecting CVE-2020-15999 style bugs.
Writing a static checker that marks 16-bit-magnitude allocated mallocs and warns when they get 32-bit-magnitude accesses?
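The pattern the proposed checker is meant to flag, as an added illustration that is not code from this thread, FreeType or libpng: a decoder reports 32-bit dimensions, the metrics struct stores them as 16-bit fields, the buffer is sized from the truncated fields, and a later write uses the full 32-bit width. `would_overflow` compares the two magnitudes instead of performing the write; `set_metrics_checked` is the corrected form that rejects any dimension that does not round-trip through the 16-bit field. All names and the RGBA pitch are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed example: 32-bit decoder dimensions vs. 16-bit metrics fields. */
typedef struct {
    uint16_t width;    /* 16-bit magnitude fields */
    uint16_t height;
    uint32_t pitch;    /* bytes per row */
} bitmap_metrics_t;

/* Vulnerable pattern: allocation sized from the truncated 16-bit fields,
   row writer driven by the decoder's full 32-bit width. Returns 1 if the
   write would overrun the allocation, 0 otherwise (sizes are compared,
   no overflowing write is performed). */
int would_overflow(uint32_t png_width, uint32_t png_height)
{
    bitmap_metrics_t m;
    m.width  = (uint16_t)png_width;            /* silent truncation */
    m.height = (uint16_t)png_height;
    m.pitch  = (uint32_t)m.width * 4u;         /* assumed RGBA rows */
    uint64_t alloc = (uint64_t)m.pitch * m.height;             /* 16-bit magnitude */
    uint64_t write = (uint64_t)png_width * 4u * png_height;    /* 32-bit magnitude */
    return write > alloc;
}

/* Hardened form: dimensions must fit the 16-bit fields before any size is
   derived from them. Returns 0 on success, -1 if rejected. */
int set_metrics_checked(bitmap_metrics_t *m, uint32_t png_width, uint32_t png_height)
{
    if (png_width == 0 || png_height == 0) return -1;
    if (png_width > UINT16_MAX || png_height > UINT16_MAX) return -1;
    m->width  = (uint16_t)png_width;
    m->height = (uint16_t)png_height;
    m->pitch  = (uint32_t)m->width * 4u;
    return 0;
}

/* Allocate only from checked metrics; guards pitch*height for 32-bit size_t. */
unsigned char *alloc_bitmap(const bitmap_metrics_t *m, size_t *out_size)
{
    if (m->pitch == 0 || SIZE_MAX / m->pitch < m->height) return NULL;
    *out_size = (size_t)m->pitch * m->height;
    return (unsigned char *)calloc(*out_size, 1);
}

/* Bytes a checked allocation would use for these dimensions, or -1 if rejected. */
long long checked_bitmap_size(uint32_t png_width, uint32_t png_height)
{
    bitmap_metrics_t m;
    size_t size = 0;
    if (set_metrics_checked(&m, png_width, png_height) != 0) return -1;
    unsigned char *p = alloc_bitmap(&m, &size);
    if (p == NULL) return -1;
    free(p);
    return (long long)size;
}
```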