RC RANDOM CHAOS

memory safety

14 posts

crustc ports rustc to C and voids every safety proof
Article

crustc ports rustc to C and voids every safety proof

Translating rustc to C strips Rust's compile-time memory-safety guarantees and reopens out-of-bounds writes, UAF, and type confusion in the toolchain.

A crafted sprite overflows the blitter's heap
Article

A crafted sprite overflows the blitter's heap

Attack-surface analysis of OpenTTD 160beta1: integer overflow in sprite decoding, untrusted savegame and packet parsing, and why EDR stays blind.

The collector frees live objects
Article

The collector frees live objects

Garbage collection bugs are use-after-free in the runtime. How tricolour invariants, write barriers, and moving collectors break, and why EDR misses it.

CVE-2009-1897 is back, now under every @bitCast
Article

CVE-2009-1897 is back, now under every @bitCast

How Zig's @bitCast lowering and LLVM's optimizer can synthesize exploitable use-after-free bugs that no source review or EDR will ever see.

LuaJIT proposal exposes a guard-elision primitive
Article

LuaJIT proposal exposes a guard-elision primitive

LuaJIT's proposed relaxed type checking elides JIT trace guards, creating a type-confusion primitive reachable wherever embedded Lua handles untrusted input.

SIGGRAPH 2023 shipped an unfuzzed ingest path
Article

SIGGRAPH 2023 shipped an unfuzzed ingest path

Gaussian splats don't break browser memory protection. Their untrusted parsers do: integer overflow to OOB write in splat viewers, CWE-190 into CWE-787.

Kees Cook deleted strncpy from the Linux kernel
Article

Kees Cook deleted strncpy from the Linux kernel

Linux removed strncpy after six years and 360+ patches. The mechanism: missing NUL termination, out-of-bounds reads, kernel info leaks, and why strscpy replaces it.

Linux kernel deleted strncpy across 360 patches
Article

Linux kernel deleted strncpy across 360 patches

Linux removed strncpy across 360 patches over six years. The exposure: a bounded write primitive used as a safety control it never implemented.

DuckDB trusts persisted blocks attackers control
Article

DuckDB trusts persisted blocks attackers control

DuckDB runs in-process as a C++ library. Its immutability and checksum assumptions create a quiet memory-corruption surface that host EDR never sees.

Heartbleed was a C bug, not a web bug
Article

Heartbleed was a C bug, not a web bug

CVE-2014-0160 was an out-of-bounds read in OpenSSL C, not a JavaScript flaw. The real mechanism, the network-only telemetry gap, and what survived the patch.

1992 hardware, no MMU, every payload lands
Article

1992 hardware, no MMU, every payload lands

The Game Boy Work Boy exposes a system with no MMU, DEP, or ASLR - flat executable memory and a fixed layout where any write becomes code execution.

A renamed file walks past the heap boundary
Article

A renamed file walks past the heap boundary

CVE-2026-48095 is a 7-Zip NTFS heap overflow triggered through renamed files. Operator breakdown of what failed, why, and what must now be true.