← Back to context Comment by MyMonkeyBalls 2 years ago Yeah even a child like me is better at secure programming than Theo De Raadt 4 comments MyMonkeyBalls Reply petee 2 years ago Then report the bug like an adult instead of acting like you found some huge published vulnerability in code that was posted for peer review. Thats why the code is there, so others can identify issues; congrats, you did.People make mistakes in every project. So grow up tiffanyh 2 years ago Would a code analyzer have detected this bug?(E.g. Valgrind, Flexelint, cppcheck, clang static analyzer, etc.)If yes, then why aren't code analyzers used on all OpenBSD code submissions, given their stance on having correct code & security focused. ori_b 2 years ago No, probably not. It requires a crafted binary to be executed. MyMonkeyBalls 2 years ago [flagged]
petee 2 years ago Then report the bug like an adult instead of acting like you found some huge published vulnerability in code that was posted for peer review. Thats why the code is there, so others can identify issues; congrats, you did.People make mistakes in every project. So grow up tiffanyh 2 years ago Would a code analyzer have detected this bug?(E.g. Valgrind, Flexelint, cppcheck, clang static analyzer, etc.)If yes, then why aren't code analyzers used on all OpenBSD code submissions, given their stance on having correct code & security focused. ori_b 2 years ago No, probably not. It requires a crafted binary to be executed. MyMonkeyBalls 2 years ago [flagged]
tiffanyh 2 years ago Would a code analyzer have detected this bug?(E.g. Valgrind, Flexelint, cppcheck, clang static analyzer, etc.)If yes, then why aren't code analyzers used on all OpenBSD code submissions, given their stance on having correct code & security focused. ori_b 2 years ago No, probably not. It requires a crafted binary to be executed.
Then report the bug like an adult instead of acting like you found some huge published vulnerability in code that was posted for peer review. Thats why the code is there, so others can identify issues; congrats, you did.
People make mistakes in every project. So grow up
Would a code analyzer have detected this bug?
(E.g. Valgrind, Flexelint, cppcheck, clang static analyzer, etc.)
If yes, then why aren't code analyzers used on all OpenBSD code submissions, given their stance on having correct code & security focused.
No, probably not. It requires a crafted binary to be executed.
[flagged]