memory safety
14 posts
crustc ports rustc to C and voids every safety proof
Translating rustc to C strips Rust's compile-time memory-safety guarantees and reopens out-of-bounds writes, UAF, and type confusion in the toolchain.
A crafted sprite overflows the blitter's heap
Attack-surface analysis of OpenTTD 160beta1: integer overflow in sprite decoding, untrusted savegame and packet parsing, and why EDR stays blind.
The collector frees live objects
Garbage collection bugs are use-after-free in the runtime. How tricolour invariants, write barriers, and moving collectors break, and why EDR misses it.
CVE-2009-1897 is back, now under every @bitCast
How Zig's @bitCast lowering and LLVM's optimizer can synthesize exploitable use-after-free bugs that no source review or EDR will ever see.
LuaJIT proposal exposes a guard-elision primitive
LuaJIT's proposed relaxed type checking elides JIT trace guards, creating a type-confusion primitive reachable wherever embedded Lua handles untrusted input.
SIGGRAPH 2023 shipped an unfuzzed ingest path
Gaussian splats don't break browser memory protection. Their untrusted parsers do: integer overflow to OOB write in splat viewers, CWE-190 into CWE-787.
Kees Cook deleted strncpy from the Linux kernel
Linux removed strncpy after six years and 360+ patches. The mechanism: missing NUL termination, out-of-bounds reads, kernel info leaks, and why strscpy replaces it.
Linux kernel deleted strncpy across 360 patches
Linux removed strncpy across 360 patches over six years. The exposure: a bounded write primitive used as a safety control it never implemented.
DuckDB trusts persisted blocks attackers control
DuckDB runs in-process as a C++ library. Its immutability and checksum assumptions create a quiet memory-corruption surface that host EDR never sees.
Heartbleed was a C bug, not a web bug
CVE-2014-0160 was an out-of-bounds read in OpenSSL C, not a JavaScript flaw. The real mechanism, the network-only telemetry gap, and what survived the patch.
1992 hardware, no MMU, every payload lands
The Game Boy Work Boy exposes a system with no MMU, DEP, or ASLR - flat executable memory and a fixed layout where any write becomes code execution.
A renamed file walks past the heap boundary
CVE-2026-48095 is a 7-Zip NTFS heap overflow triggered through renamed files. Operator breakdown of what failed, why, and what must now be true.