Leagsaidh Gordon rakiru

## gist:e0f055bfb74e3d5f0af20690759de5a7
Why do compilers even bother with exploiting undefinedness signed overflow? And what are those
mysterious cases where it helps?

A lot of people (myself included) are against transforms that aggressively exploit undefined behavior, but
I think it's useful to know what compiler writers are accomplishing by this.

TL;DR: C doesn't work very well if int!=register width, but (for backwards compat) int is 32-bit on all
major 64-bit targets, and this causes quite hairy problems for code generation and optimization in some
fairly common cases. The signed overflow UB exploitation is an attempt to work around this.

## bash.org.json
[{"quote": "<Ash> Win2k! ^_^\r\n*** Ash Quit (Read error: 73 (Connection reset by peer))", "score": 890, "id": 64},
{"quote": "<LEONARDO> EMINEM < PUBERTY", "score": 125, "id": 65},
{"quote": "<noppa> weed: (dont inhale and you will become the next president!!!!!)", "score": 5, "id": 66},
{"quote": "<circle`> he's like, you, you and you, suck this", "score": -48, "id": 67},
{"quote": "<HomerJ> Microsoft could shit in a box, adn most people would buy it", "score": 1206, "id": 68},
{"quote": "<spleenex> EQ is like a 3D AOL chatroom with monsters :/", "score": 1482, "id": 69},
{"quote": "* XS slaps the crap out of someone with a larger than ordinary, non-standard, frames compatible, Microsoft trout.", "score": 1067, "id": 70},
{"quote": "<strobe> damn, NeXT users are a weird bunch\r\n<strobe> Did the NeXT cube come with free crack or something?", "score": 633, "id": 71},
{"quote": "<reptile-> The first time hypr opened a box of Cheerios and looked inside he yelled, \"OH WOW! DONUT SEEDS!\"\r\n<hypr> wtf are donu

## semantic-pedantic.md

      
              1 file
            
          
              18 forks
            
          
              86 comments
            
          
              319 stars
            
          
                jashkenas
                / semantic-pedantic.md
            
            
              Last active
              June 27, 2024 19:00
            
              
                Why Semantic Versioning Isn't
              
          
    Spurred by recent events (https://news.ycombinator.com/item?id=8244700), this is a quick set of jotted-down thoughts about the state of "Semantic" Versioning, and why we should be fighting the good fight against it.
For a long time in the history of software, version numbers indicated the relative progress and change in a given piece of software. A major release (1.x.x) was major, a minor release (x.1.x) was minor, and a patch release was just a small patch. You could evaluate a given piece of software by name + version, and get a feeling for how far away version 2.0.1 was from version 2.8.0.
But Semantic Versioning (henceforth, SemVer), as specified at http://semver.org/, changes this to prioritize a mechanistic understanding of a codebase over a human one. Any "breaking" change to the software must be accompanied with a new major version number. It's alright for robots, but bad for us.
SemVer tries to compress a huge amount of information — the nature of the change, the percentage of users that wil

  
## README.md

      
              2 files
            
          
              5 forks
            
          
              17 comments
            
          
              25 stars
            
          
                ah8r
                / README.md
            
            
              Last active
              June 7, 2020 19:51
            
              
                Hut3 Cardiac Arrest (compatible with Python 2.7)
              
          
    Cardiac Arrest

Hut3 Cardiac Arrest - A script to check OpenSSL servers for the Heartbleed bug (CVE-2014-0160).
Note: This code was originally a GitHub Gist but has been copied to a full GitHub Repository so issues can also be tracked. Both will be kept updated with the latest code revisions.
DISCLAIMER: There have been unconfirmed reports that this script can render HP iLO unresponsive. This script complies with the TLS specification, so responsitivity issues are likely the result of a bad implementation of TLS on the server side. CNS Hut3 and Adrian Hayter do not accept responsibility if this script crashes a server you test it against. USE IT AT YOUR OWN RISK. As always, the correct way to test for the vulnerability is to check the version of OpenSSL installed on the server in question. OpenSSL 1.0.1 through 1.0.1f are vulnerable.
This script has several advantages over similar scripts that have been re

  
## deadbeef_character.py
"""
This file contains code that, when run on Python 2.7.5 or earlier, creates
a string that should not exist: u'\Udeadbeef'. That's a single "character"
that's illegal in Python because it's outside the valid Unicode range.

It then uses it to crash various things in the Python standard library and
corrupt a database.

On Python 3... well, this file is full of syntax errors on Python 3. But
if you were to change the print statements and byte literals and stuff:

## tricksy.c
// hello clever programmers, would you like to play a game?
// where's the bug?
// by 0xabad1dea :)

#include <stdio.h>
#include <string.h>

int main() {
  	char input[16] = "stringstring!!!";
	char output[8];

## rh_hash_table.hpp
#define USE_ROBIN_HOOD_HASH 1
#define USE_SEPARATE_HASH_ARRAY 1

template<class Key, class Value>
class hash_table
{
  static const int INITIAL_SIZE = 256;
	static const int LOAD_FACTOR_PERCENT = 90;

	struct elem

## partial.c
/*
 * Partial applied functions in C
 * Leandro Pereira <leandro@tia.mat.br>
 */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stdbool.h>

## vxl2tga.py
# vxl2tga.py: renders a vxl map isometrically
# by GreaseMonkey, 2013 - public domain

import sys, struct

WIDTH, HEIGHT = 2048, 1024+128
g = [[None for i in xrange(WIDTH)] for j in xrange(HEIGHT)]

def pp(x,y,z,col):
	rx = (z-x)*2+1024

## bootstrap-recaptcha.css
.input-recaptcha {
	width:172px;
}
	Why do compilers even bother with exploiting undefinedness signed overflow? And what are those
	mysterious cases where it helps?

	A lot of people (myself included) are against transforms that aggressively exploit undefined behavior, but
	I think it's useful to know what compiler writers are accomplishing by this.

	TL;DR: C doesn't work very well if int!=register width, but (for backwards compat) int is 32-bit on all
	major 64-bit targets, and this causes quite hairy problems for code generation and optimization in some
	fairly common cases. The signed overflow UB exploitation is an attempt to work around this.
	[{"quote": "<Ash> Win2k! ^_^\r\n*** Ash Quit (Read error: 73 (Connection reset by peer))", "score": 890, "id": 64},
	{"quote": "<LEONARDO> EMINEM < PUBERTY", "score": 125, "id": 65},
	{"quote": "<noppa> weed: (dont inhale and you will become the next president!!!!!)", "score": 5, "id": 66},
	{"quote": "<circle`> he's like, you, you and you, suck this", "score": -48, "id": 67},
	{"quote": "<HomerJ> Microsoft could shit in a box, adn most people would buy it", "score": 1206, "id": 68},
	{"quote": "<spleenex> EQ is like a 3D AOL chatroom with monsters :/", "score": 1482, "id": 69},
	{"quote": "* XS slaps the crap out of someone with a larger than ordinary, non-standard, frames compatible, Microsoft trout.", "score": 1067, "id": 70},
	{"quote": "<strobe> damn, NeXT users are a weird bunch\r\n<strobe> Did the NeXT cube come with free crack or something?", "score": 633, "id": 71},
	{"quote": "<reptile-> The first time hypr opened a box of Cheerios and looked inside he yelled, \"OH WOW! DONUT SEEDS!\"\r\n<hypr> wtf are donu
	"""
	This file contains code that, when run on Python 2.7.5 or earlier, creates
	a string that should not exist: u'\Udeadbeef'. That's a single "character"
	that's illegal in Python because it's outside the valid Unicode range.

	It then uses it to crash various things in the Python standard library and
	corrupt a database.

	On Python 3... well, this file is full of syntax errors on Python 3. But
	if you were to change the print statements and byte literals and stuff:
	// hello clever programmers, would you like to play a game?
	// where's the bug?
	// by 0xabad1dea :)

	#include <stdio.h>
	#include <string.h>

	int main() {
	char input[16] = "stringstring!!!";
	char output[8];
	#define USE_ROBIN_HOOD_HASH 1
	#define USE_SEPARATE_HASH_ARRAY 1

	template<class Key, class Value>
	class hash_table
	{
	static const int INITIAL_SIZE = 256;
	static const int LOAD_FACTOR_PERCENT = 90;

	struct elem
	/*
	* Partial applied functions in C
	* Leandro Pereira <leandro@tia.mat.br>
	*/
	#include <assert.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <stdint.h>
	#include <stdbool.h>
	# vxl2tga.py: renders a vxl map isometrically
	# by GreaseMonkey, 2013 - public domain

	import sys, struct

	WIDTH, HEIGHT = 2048, 1024+128
	g = [[None for i in xrange(WIDTH)] for j in xrange(HEIGHT)]

	def pp(x,y,z,col):
	rx = (z-x)*2+1024