Comment by petee
2 years ago
Then report the bug like an adult instead of acting like you found some huge published vulnerability in code that was posted for peer review. Thats why the code is there, so others can identify issues; congrats, you did.
People make mistakes in every project. So grow up
Would a code analyzer have detected this bug?
(E.g. Valgrind, Flexelint, cppcheck, clang static analyzer, etc.)
If yes, then why aren't code analyzers used on all OpenBSD code submissions, given their stance on having correct code & security focused.
No, probably not. It requires a crafted binary to be executed.
[flagged]