ossf / wg-metrics-and-metadata

The purpose of the Metrics & Metadata (formerly Identifying Security Threats) working group is to enable stakeholders to have informed confidence in the security of open source projects. We do this by collecting, curating, and communicating relevant metrics and metadata from open source projects and the ecosystems of which they are a part.
https://openssf.org
Apache License 2.0

nullptr NULL denial of service attacks #4

Open coinhubs opened 3 years ago

coinhubs commented 3 years ago

There's one constant source of crashes: SEGV due to NULL pointer dereferences in APIs. They are literally everywhere, e.g. glibc:

```c
#include <stdio.h>

/* puts() is handed a NULL pointer here; this is the crashing call. */
int main() { puts(NULL); return 0; }
```

C11 had Annex K functions which avoid many crashes, but Annex K has not been adopted widely.
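An added example, not part of the original comment or of glibc: a sketch of the Annex K style of argument checking mentioned above, where a NULL argument produces an error return instead of a dereference. The `demo_*` names and the EINVAL/ERANGE choice are assumptions of this example; glibc does not ship Annex K.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical demo_* names; they mimic the Annex K contract only. */
static int demo_violations = 0;   /* stands in for the constraint handler */

static int demo_fail(char *dest, size_t destsz, int code)
{
    demo_violations++;
    if (dest != NULL && destsz > 0)
        dest[0] = '\0';           /* leave dest as a valid empty string */
    return code;
}

/* strcpy_s-like copy: rejects NULL pointers, zero size and truncation. */
int demo_strcpy_s(char *dest, size_t destsz, const char *src)
{
    if (dest == NULL || src == NULL || destsz == 0)
        return demo_fail(dest, destsz, EINVAL);
    size_t n = 0;
    while (n < destsz && src[n] != '\0')   /* bounded length scan */
        n++;
    if (n == destsz)                       /* no room for the terminator */
        return demo_fail(dest, destsz, ERANGE);
    memcpy(dest, src, n + 1);
    return 0;
}

/* Checked counterpart of puts(NULL): NULL becomes an EOF return. */
int demo_puts_checked(const char *s)
{
    if (s == NULL) {
        demo_violations++;
        return EOF;
    }
    return puts(s);
}

int main(void)
{
    char buf[8];
    demo_puts_checked(NULL);                      /* no SIGSEGV */
    demo_strcpy_s(buf, sizeof buf, NULL);         /* EINVAL, buf is "" */
    demo_strcpy_s(buf, sizeof buf, "too long!");  /* ERANGE, buf is "" */
    demo_strcpy_s(buf, sizeof buf, "ok");
    return demo_puts_checked(buf) == EOF;         /* 0 on success */
}
```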

Suhit-Majumdar commented 2 years ago

Hi, can you please mention which branch and which code is causing this issue so that I can understand it better and try resolving the issue?

coinhubs commented 2 years ago

Suhit-Majumdar

All branches. It's easy to reproduce on all computers. Why don't you start there?