Tool Release – Reliably-checked String Library Binding

by Robert C. Seacord Memory Safety Reliably-checked Strings is a library binding I created that uses static array extents to improve diagnostics that can help identify memory safety flaws. This is part of broader initiative in the C Standards Committee to improve bounds checking for array types. See my blog post Improving Software Security through … Continue reading Tool Release – Reliably-checked String Library Binding

The Future of C Code Review

I gave a short talk on the Future of C Code Review at our internal (Not) NCC Con Conference this year (held virtually due to Covid-19) and recorded it for posterity.In this short talk, I focus on optimizations resulting from pointer provenance-based alias analysis that can modify the behavior of code with undefined behaviors. https://www.youtube.com/watch?v=kX1sjaqorWcContinue reading The Future of C Code Review

C Language Standards Update – Zero-size Reallocations are Undefined Behavior

[Editor's Note: Robert Seacord of NCC Group is a longstanding member of the C Standards Committee. In this blog post, he outlines a recently adopted change he proposed to the C Language Standard, to help eliminate double-free vulnerabilities being introduced to C code as a result of zero-sized reallocations of memory.] by Robert Seacord The … Continue reading C Language Standards Update – Zero-size Reallocations are Undefined Behavior