RC RANDOM CHAOS

compiler security

4 posts

The unread binary every compiler still trusts
Article

The unread binary every compiler still trusts

Translating rustc to C changes the compiler's substrate, not its logic of trust: build pipelines execute on resolved references, never verified content.

crustc ports rustc to C and voids every safety proof
Article

crustc ports rustc to C and voids every safety proof

Translating rustc to C strips Rust's compile-time memory-safety guarantees and reopens out-of-bounds writes, UAF, and type confusion in the toolchain.

CVE-2009-1897 is back, now under every @bitCast
Article

CVE-2009-1897 is back, now under every @bitCast

How Zig's @bitCast lowering and LLVM's optimizer can synthesize exploitable use-after-free bugs that no source review or EDR will ever see.

How GCC 4.3 deleted a NULL check in 2009
Article

How GCC 4.3 deleted a NULL check in 2009

How undefined behavior in C lets compilers delete safety checks, why it drives most memory-safety CVEs, and what it means for AI-generated code.