Oh cool, another Chrome 0-day abusing integer overflow.

Neat.

Great.

Awesome.

@thephd this is possibly a controversial opinion, but in my view, integer overflows are _mostly_ dangerous when they cause a “second order” buffer overflow, for instance if the overflowed value is passed to malloc and you get a significantly smaller buffer than you were expecting. If we fix bounds safety, integer overflows aren’t nearly as dangerous as they are today even if we do nothing about them
@fay59 @thephd so long as you don't have overflows when computing your bounds, right? (lol)
@lenary @thephd the beautiful thing about it is that if you do malloc(overflowed_int) and you set the bounds to overflowed_int, you get the right outcome
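The point made in the thread above, as an added example that is not part of the original posts: a size computation that wraps before it reaches `malloc`, the undersized allocation that results, and why carrying the same (wrapped) value as the buffer's bound still stops the write that would otherwise corrupt the heap. The `bbuf` type, the `alloc_*`/`bbuf_write` helpers and the `OVERFLOWING_COUNT` value are constructed for this illustration; `__builtin_mul_overflow` is the GCC/Clang builtin.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed: a minimal buffer that carries its own bound.  The bound is
   taken from the same size value handed to malloc, so allocation and
   checks cannot disagree even when that value is wrong. */
typedef struct {
    uint8_t *data;
    size_t   len;   /* every access is checked against this */
} bbuf;

#define ELEM 8
/* Constructed request: more elements than the address space can hold,
   chosen so count * ELEM wraps to exactly 8 on 32- and 64-bit targets. */
static const size_t OVERFLOWING_COUNT = SIZE_MAX / ELEM + 2;

/* The "second order" bug: the multiplication wraps, malloc receives a tiny
   size, and the caller believes it got room for OVERFLOWING_COUNT items.
   The bound is nevertheless set to the same wrapped value. */
bbuf alloc_unchecked(size_t count, size_t elem_size) {
    size_t bytes = count * elem_size;          /* may wrap silently */
    bbuf b = { malloc(bytes), bytes };
    return b;
}

/* Overflow-aware variant: refuse the request instead of allocating. */
bbuf alloc_checked(size_t count, size_t elem_size) {
    size_t bytes;
    bbuf b = { NULL, 0 };
    if (__builtin_mul_overflow(count, elem_size, &bytes))
        return b;                               /* wrapped: hand back nothing */
    b.data = malloc(bytes);
    b.len  = b.data ? bytes : 0;
    return b;
}

/* Bounds-checked write; the subtraction order avoids a second overflow
   in the check itself. */
bool bbuf_write(bbuf *b, size_t off, const uint8_t *src, size_t n) {
    if (b->data == NULL) return false;
    if (off > b->len || n > b->len - off) return false;
    memcpy(b->data + off, src, n);
    return true;
}

/* Size the unchecked path actually allocates for the overflowing request. */
size_t wrapped_alloc_size(void) {
    bbuf b = alloc_unchecked(OVERFLOWING_COUNT, ELEM);
    size_t len = b.len;
    free(b.data);
    return len;                                 /* 8, not count * 8 */
}

/* Writing "element 1" of the supposedly huge buffer: refused by the bound. */
bool write_past_wrapped_bound(void) {
    uint8_t elem[ELEM] = {0};
    bbuf b = alloc_unchecked(OVERFLOWING_COUNT, ELEM);
    bool ok = bbuf_write(&b, 1 * ELEM, elem, ELEM);
    free(b.data);
    return ok;                                  /* false */
}

/* The checked path never allocates for the overflowing request. */
bool checked_alloc_refuses(void) {
    bbuf b = alloc_checked(OVERFLOWING_COUNT, ELEM);
    bool refused = (b.data == NULL && b.len == 0);
    free(b.data);
    return refused;                             /* true */
}

int main(void) {
    printf("unchecked alloc got %zu bytes\n", wrapped_alloc_size());
    printf("write to element 1 %s\n",
           write_past_wrapped_bound() ? "succeeded" : "refused by bound");
    printf("checked alloc %s\n",
           checked_alloc_refuses() ? "refused the request" : "went through");
    return 0;
}
```

The unchecked path shows the failure mode from the thread: the wrapped size reaches `malloc` unchanged, so the heap block is eight bytes while the caller's mental model is gigabytes. Because the bound was taken from that same wrapped value, the out-of-range write is refused rather than silently corrupting the heap, which is the observation in the last post; the checked variant shows the complementary fix of catching the overflow before allocation.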