
The issue in many of these cases is there appears to be no canonical safe way to know the length of the input in C, and people apparently screw up keeping track of the lengths of the buffers all the time.


This is why you reduce the amount of C code that has to keep track of it to as little as possible.
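An added example, not part of either comment above: one way to confine length tracking to a single routine in C. The `bbuf` type and the `bbuf_wrap`, `bbuf_append` and `demo` names are hypothetical, chosen for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical bounded buffer: pointer, used length and capacity travel together. */
struct bbuf {
    char  *data;
    size_t len;   /* bytes in use */
    size_t cap;   /* total bytes available in data */
};

/* Wrap caller-owned storage; the only place a capacity is ever stated. */
static struct bbuf bbuf_wrap(char *storage, size_t cap)
{
    struct bbuf b = { storage, 0, cap };
    return b;
}

/* The single routine that does length arithmetic.
 * Returns 0 on success, -1 if the input would not fit (buffer left unchanged). */
static int bbuf_append(struct bbuf *b, const void *src, size_t n)
{
    if (b == NULL || b->data == NULL || b->len > b->cap)
        return -1;
    if (n > 0 && src == NULL)
        return -1;
    if (n > b->cap - b->len)   /* subtraction form cannot wrap around */
        return -1;
    if (n > 0)
        memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Callers pass data only; they never compute offsets or remaining space. */
static int demo(void)
{
    char storage[8];
    struct bbuf b = bbuf_wrap(storage, sizeof storage);
    int r1 = bbuf_append(&b, "abcde", 5);  /* fits: 5 of 8 bytes used */
    int r2 = bbuf_append(&b, "fghi", 4);   /* would need 9 bytes: rejected */
    int r3 = bbuf_append(&b, "fgh", 3);    /* fills the buffer exactly */
    return (r1 == 0 && r2 == -1 && r3 == 0 && b.len == 8) ? 0 : 1;
}

int main(void) { return demo(); }
```
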



