daniel:// stenberg://Dec 13, 2024

"let me use an AI and file another bug against #curl

https://github.com/curl/curl/issues/15736

Severe Remote Code Execution Vulnerability in `varexpand` Function Due to Insecure Input Handling and Memory Operations · Issue #15736 · curl/curl

I did this A critical remote code execution vulnerability exists in the varexpand function due to a combination of insecure input handling, unsafe memory operations, and improper execution of user-...

GitHub
Show threadSunnyDec 13, 2024

@bagder They accidentally pasted their conversation history with ChatGPT into another issue as well...

You said:
What is the major bug in this code
[...]

ChatGPT said:
The code contains a critical logical bug that violates an assertion in the function tiling_resize_for_border:
[...]

You said:
Write a github bug report for that issue, make it sound extremely major

Why.

Bug Report: Critical Issue with Resizing Logic in Tiling Mode · Issue #6333 · i3/i3

Welcome Yes, I'm using the latest major release or the current development version. These are the only supported versions. Yes, I've searched similar issues and discussions on GitHub and didn't fin...

GitHub
Show threadDaniel Silverstone - MovedDec 13, 2024
@sunny @bagder I wonder, is anyone gathering the usernames of people who do this so that those of us with FOSS projects not yet targeted can pre-block them?
Show threaddaniel:// stenberg://Dec 13, 2024
@kinnison @sunny I think the general idea is that Github bans/stops these users, so we should all report them so they are properly noticed
Show threadilmari

@bagder @kinnison @sunny I did, and got this reply within an hour:

We have determined that one or more violations of GitHub’s Terms of Service have occurred and have taken appropriate action in response.

Both the above issue and the user's profile now return a 404.

Dec 13, 2024 at 2:11pmWeb
Show threadDaniel Silverstone - MovedDec 13, 2024
@ilmari @bagder @sunny that's better than I expected 🎉🎉🎉