**Kees Cook (old account)** @kees · May 13

Kees Cook (old account) @kees

I've spent the last couple weeks chasing bizarre bugs. To be faced with yet another seemingly impossible bug, I am a bit demotivated. Gonna go for a walk and then bust out the binary diffing tools. I suspect it's more weird inlining behavior like this one:
https://lore.kernel.org/lkml/20250507181615.1947159-1-kees@kernel.org/

lore.kernel.orgMaking sure you're not a bot!

Kees Cook (old account)

Kees Cook (old account)Yay! Debian has enabled UBSAN_BOUNDS for array bounds checking in their kernel. <a href="https://salsa.debian.org/kernel-team/linux/-/commit/f0e7aac02bc7ed179637a6c676b2ab4afe4c5db7" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://salsa.debian.org/kernel-team/linux/-/commit/f0e7aac02bc7ed179637a6c676b2ab4afe4c5db7</a> Anyone wanting to enforce the checking, don't forget to set the warn_limit sysctl too.

Kees Cook (old account)

Kees Cook (old account)I decided to actually go see how hard adding __builtin_is_lvalue() to Clang would be, and it only took an evening. With that available we can set the variables passed to kfree() to NULL automatically. This should kill a subset of "dangling pointer" Use-After-Free flaws with basically no overhead and almost no refactoring in the kernel.<a href="https://lore.kernel.org/linux-hardening/20250321202620.work.175-kees@kernel.org/" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://lore.kernel.org/linux-hardening/20250321202620.work.175-kees@kernel.org/</a>

Kees Cook (old account)

Kees Cook (old account)Trick question, can calling execve(2) result in a new thread ID?

Kees Cook (old account)

Kees Cook (old account)Well I guess everyone everywhere will want to use -fzero-init-padding-bits=all when updating to GCC15 to avoid regressing their uninitialized variable mitigations... Why in the world would the C standard committee work to make things *less* safe by default??!Edit: this appears to be a decision on GCC's part and not a new change from the C committee. (See down-thread.)<a href="https://infosec.exchange/@edmonds/113851256533780886" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://infosec.exchange/@edmonds/113851256533780886</a>

Kees Cook (old account)

Kees Cook (old account)I generated a 12-character commit SHA prefix collision with the start of Linux's git history. It took about 6 hours on an RTX 3080 GPU:<a href="https://people.kernel.org/kees/colliding-with-the-sha-prefix-of-linuxs-initial-git-commit" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://people.kernel.org/kees/colliding-with-the-sha-prefix-of-linuxs-initial-git-commit</a>

Kees Cook (old account)

Kees Cook (old account)Dear C Lazy Web,How do I define an array of nonstring char arrays?just a char array, valid: char str[4] __attribute__((nonstring)):array of char arrays, cursed: char multi[10][4] __attribute__((nonstring));I've tried typedefs and moving the attribute around. No luck. What am I missing?Here's a godbolt: <a href="https://godbolt.org/z/4Mb61heG1" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://godbolt.org/z/4Mb61heG1</a> I'd want to see a warning for both strlen() instances...

Kees Cook (old account)

Kees Cook (old account)@kees@fosstodon.orgfosstodon.org

Kees Cook (old account)@kees@fosstodon.org