compiler security
4 posts
Article
The unread binary every compiler still trusts
Translating rustc to C changes the compiler's substrate, not its logic of trust: build pipelines execute on resolved references, never verified content.
Article
crustc ports rustc to C and voids every safety proof
Translating rustc to C strips Rust's compile-time memory-safety guarantees and reopens out-of-bounds writes, UAF, and type confusion in the toolchain.
Article
CVE-2009-1897 is back, now under every @bitCast
How Zig's @bitCast lowering and LLVM's optimizer can synthesize exploitable use-after-free bugs that no source review or EDR will ever see.
Article
How GCC 4.3 deleted a NULL check in 2009
How undefined behavior in C lets compilers delete safety checks, why it drives most memory-safety CVEs, and what it means for AI-generated code.