Comment by tiffanyh
2 years ago
Would a code analyzer have detected this bug?
(E.g. Valgrind, Flexelint, cppcheck, clang static analyzer, etc.)
If yes, then why aren't code analyzers used on all OpenBSD code submissions, given their stance on having correct code & security focused.
No, probably not. It requires a crafted binary to be executed.