OpenOSC
OpenOSC copied to clipboard
cisco
Open Object Size Checking: Library to detect buffer overflows in C/C++ code
It does work with older Clang versions, at least through Clang 17.0.6. See https://gitlab.com/libsir/libsir/-/jobs/6473142110#L91 and https://gitlab.com/libsir/libsir/-/jobs/6473142115#L91 for complete error details.
@yonhan3 I have an application that would need quite a few modifications to build with OpenOSC, which I think shouldn't be necessary (or at least optional), since `strnlen` checking is,...
Perhaps you could hotlink the paper referenced in the README to it's canonical source, *i.e.* https://doi.org/10.1109/SecDev.2019.00026 ? Also, is there any open access to this paper (not requiring an IEEE...
Example: fuzzer.c: ``` #include #include #include int main() { char src[] = "lorem ipsum dolor sit amet"; char *dst; dst = malloc(10); strcpy(dst, src); printf("%s\n", dst); } ``` Makefile: ```...
There is a _lot_ of source in a project I work in, most of it historic and from a variety of different developers. We are implementing OpenOSC into this platform,...
If you take this program ``` #include void test(){} ``` which builds with no issues with `clang -O1 -D_GNU_SOURCE -o /dev/null -c test.c`. And use OpenOSC 1.0.7, it fails with...
OpenOSC doesn't work with musl. The main benefit I would see in OpenOSC is having a C-library-independent _FORTIFY_SOURCE. musl does indeed [ask for such a library](https://wiki.musl-libc.org/future-ideas.html#Fortify). But OpenOSC right now...
This simple program ``` #include #include int main() { std::printf("%s\n", std::to_string(3.14).c_str()); } ``` fails to compile with LTO in the latest version of gcc (and also in older versions), when...
My understanding is that gcc 12 / clang 9 introduced a new builtin, __builtin_dynamic_object_size, which allows for an improved _FORTIFY_SOURCE=3. Looking at the OpenOSC source code, I see references to...