Sergey "Shnatsel" Davidoff
Running Address Sanitizer, the go-to memory debugger, currently requires multiple workarounds: - All sanitizers are botched in the default build mode, you need to force rustc to use `gold` linker...
crates.io currently lacks a number of fairly basic security features, such as requiring signatures from several maintainers to issue a package release. Designing a solution for this from scratch or...
Angora is a new fuzzer that according to its authors is strictly superior to the AFL-inspired status quo. See https://arxiv.org/abs/1803.01307 for more info. Angora itself is written in Rust, but...
Some crates on crates.io pull in vulnerable versions of transitive dependencies that do not have a semver-compatible upgrade path. An example of this is OpenSSL crate which is vulnerable to...
We need to make discovering that you need to apply security updates, and applying them, as easy and obvious as possible. Production deployments have higher security requirements than development...
We need to make binaries deployed in production auditable for known security issues. This may include non-trivial deployment methods, such as: * Plain old `cargo install` * An executable inside...
This code does not uphold Rust safety invariants: either `debug_assert!()` should be `assert!()` or the function must be marked `unsafe fn`: https://github.com/seanmonstar/httparse/blob/6f696f5d027f35e11a70181c839b574e20335a74/src/lib.rs#L38-L43 Also, it's weird to see a custom function...
Running `cargo audit` on the repository reports 4 known vulnerabilities in the dependency tree: ``` Crate: brotli-sys Version: 0.3.2 Title: Integer overflow in the bundled Brotli C library Date: 2021-12-20... ```
[`Vec::extend_from_within()`](https://doc.rust-lang.org/stable/std/vec/struct.Vec.html#method.extend_from_within) is a newly stabilized function that allows appending a part of a vector to itself. Looks like it could replace some uses of unsafe code in lz4_flex, e.g. https://github.com/PSeitz/lz4_flex/blob/053483689099420c8576a378d8bf4e1d1fe2964f/src/block/decompress.rs#L15-L16...
Fuzzing lewton goes through the "vorbis inside ogg" codepath, which verifies CRC32 checksum on the input. This seems to prevent any kind of meaningful fuzzing. I have disabled CRC32 checks...