
security research

reading real-world c/c++ source for memory-safety bugs
status: running · made of: c · fuzzing · memory-safety

this isn’t a single project, it’s more of a habit. i enjoy going through c/c++ codebases to look for issues and vulnerabilities to patch/disclose.

currently working through:

  • haproxy — load balancer / http engine
  • h2o — http/1, http/2, http/3 server
  • md4c — commonmark parser in c

any cool findings will get threaded into the devlogs once disclosed.