How I’ve found vulnerability in a popular Rust crate (and you can too)

All of these are the same image. Due to a bug in the GIF decoder contents of browser memory shows up in the decoded images.

The birth of libdiffuzz

Trivial program where the output depends on the contents of uninitialized memory

From the lab to real world

We’ll discuss that vulnerability in a bit

Why didn’t Rust prevent this?

Documenting the fastest way to safely initialize a vector would have prevented this vulnerability.

But wait, it gets weirder

Conclusions

--

--

--

Rust, security, and snark.

Love podcasts or audiobooks? Learn on the go with our new app.

CODING IS TOUGH OR YOU’RE NOT JUST TOUGH ENOUGH?

How I Built an API with Mux, Go, PostgreSQL, and GORM

Stamina System in Unity

Hi I go by the name Eseiwi, i am a Backend web Developer working with PHP, I am in the…

Project 4 : Experiment with External Sensor Module

“Eating” Spaghetti Code for Breakfast, and “Serving” Custom API Framework for Lunch

#3 Card (Flutter Famous Widgets’ Guide)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sergey "Shnatsel" Davidoff

Sergey "Shnatsel" Davidoff

Rust, security, and snark.

More from Medium

Containerizing a Phoenix 1.6 Umbrella Project

Rust on Espressif chips — 10–01–2022

Deno on Windows: Installation

Creating a Linkerd Controller in Golang