November 25, 2022
I spent some time yesterday running #sudo through Facebook's Infer static analyzer. It seems much more strict about dead stores than other analyzers and there were a _lot_ of uninitialized value false positives.
Most of those false positives fall into two categories: the value was set inside a for() loop which was guaranteed to run for at least one iteration, or the value being set was dependent on another variable. This last case used to cause problems for gcc but they improved their checker to deal with that years ago.
I quieted the dead store warnings (hopefully introducing no new bugs in the process) but at this stage, I can't really recommend using Infer for C code if you have Coverity or even the clang analyzer available.
https://bsd.network/@millert/109394281335710288
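As an added illustration (not code from the post or from sudo itself), here are the two false-positive shapes the post describes, plus a restructured variant that avoids both the uninitialized-value report and the dead-store report a blanket `= 0` initializer would trigger; the function names are invented for this example:

```c
#include <stddef.h>
#include <string.h>

/* Pattern 1 from the post: 'last' is only assigned inside a for() loop,
 * but the early return guarantees the loop body runs at least once.
 * A checker that does not connect the n == 0 test to the loop bound
 * reports a zero-iteration path on which 'last' is read uninitialised. */
int last_of(const int *v, size_t n)
{
    int last;
    if (n == 0)
        return -1;
    for (size_t i = 0; i < n; i++)
        last = v[i];
    return last;                    /* false positive: always assigned */
}

/* Pattern 2: whether 'len' is assigned depends on another variable
 * (have_path), and the same variable guards the read. The two branches
 * are correlated, which a path-insensitive checker cannot see. */
size_t tail_len(const char *path, size_t keep)
{
    int have_path = (path != NULL);
    size_t len;
    if (have_path)
        len = strlen(path);
    if (have_path && len > keep)
        return len - keep;          /* false positive: len set iff have_path */
    return 0;
}

/* Quieting the report the lazy way, by writing 'size_t len = 0;', trades
 * one finding for another: the initial value is always overwritten before
 * it is read, so a strict dead-store checker can flag the initializer.
 * Restructuring so the assignment dominates the read silences both. */
size_t tail_len_quiet(const char *path, size_t keep)
{
    if (path == NULL)
        return 0;
    size_t len = strlen(path);      /* assigned exactly once, then read */
    return len > keep ? len - keep : 0;
}
```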
-
BBC documentary used face-swapping AI to hide protesters' identities
-
This is what happens when Katie joins us on Glasshouse. Europe backs down.
The final version of the preliminary draft report concerning spyware/Pegasus/etc is completely cut out of details, previous details about curbs on vulnerability research/trade are purged.
It now says that "the discovery, sharing and exploitation of vulnerabilities have to be regulated".
Unclear how - would they suggest an "EU-approved" seal for zero-day vulns or such products? Obligatory on the box - not made of plastic of course! We have to protect the environment. https://www.europarl.europa.eu/doceo/document/PEGA-PR-738492_EN.pdf
https://mastodon.social/@LukaszOlejnik/109403266985120769
-
Russian spies have been the theme of the week; I've been commenting to the media about activity targeting Finland. Overall, there are tens of foreign intelligence officers posted in Finland, and espionage attempts targeting Finland are constant. (The correct English name for our service is Finnish Security and Intelligence Service; it is a bit wrong in the article.) https://yle.fi/a/3-12680851
https://infosec.exchange/@vpk/109403188484005378
-