Posts by Tags

AEG

Play with Angr

14 minute read

I have put this note in my drafts for a long time 😜 Recently, I got a chance to play with it again in research. Here is the story of playing with Angr just like a baby.

FFI

How is catching Rust FFI panic possible?

4 minute read

How is it possible for C++ to catch a panic from a Rust function? Is it intended behavior? Let me show it and prove it with details from the source implementation!

Rust

Play with clippy

4 minute read

I consider clippy a good starting point for writing a static analyzer for Rust. You can find all the details in the official clippy documentation; however, this post combines my own experience with a summary of the important information.

A devil in Rust: Subtyping and Variance

7 minute read

The first time I tried to learn the concept of variance, I failed to figure it out. The first reason was that I couldn’t connect it with the concept of lifetimes. Another reason was that it was difficult for me to apply the concept of “&'a mut T is invariant over T” to real cases. Additionally, what the hell does “is invariant over” mean? Recently, I picked up this challenge again. After spending several days reading articles and debugging, I finally figured something out, and I hope my explanation and experience can help more people who are stuck in the same places.

angr

Play with Angr

14 minute read

I have put this note in my drafts for a long time 😜 Recently, I got a chance to play with it again in research. Here is the story of playing with Angr just like a baby.

clean code

clippy

Play with clippy

4 minute read

I consider clippy a good starting point for writing a static analyzer for Rust. You can find all the details in the official clippy documentation; however, this post combines my own experience with a summary of the important information.

cve

Analysis and Mitigation of CVE-2018-13379

5 minute read

Introduction

In CVE-2018-13379, an untrusted user could abuse a feature of snprintf() to launch an arbitrary file read attack.
Isn’t snprintf() already the safer function?
What feature can be used to bypass the file-extension restriction?
In this article, I will not only analyze how the attack is launched, but also share some ideas for mitigation!
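As an added example (not code from the original post, and not the affected product's code), the snprintf() pattern the post examines: a format that appends a fixed extension to a user-supplied name inside a fixed-size buffer, beside the return-value check that detects the truncation. The buffer size, the directory prefix, the extension and the sample names are constructed assumptions for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed setup, not the affected product's code: a small fixed buffer,
 * a fixed directory prefix and a fixed extension appended by the format. */
#define PATH_BUF_LEN 32
#define PREFIX "/data/"
#define SUFFIX ".json"

/* Constructed sample names. The long one is plain padding: any name long
 * enough to push the suffix past the end of the buffer has the same effect. */
#define SHORT_NAME "report"
#define LONG_NAME  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"   /* 30 characters */

/* Does the built path still carry the extension the format tried to add? */
bool has_suffix(const char *path)
{
    size_t plen = strlen(path), slen = strlen(SUFFIX);
    return plen >= slen && strcmp(path + plen - slen, SUFFIX) == 0;
}

/* Vulnerable pattern: snprintf() never overflows `out`, but when the result
 * does not fit it silently drops the tail, which is exactly the extension.
 * The return value is ignored, so the caller never learns this happened. */
bool build_path_vulnerable(char *out, size_t outlen, const char *name)
{
    snprintf(out, outlen, "%s%s%s", PREFIX, name, SUFFIX);
    return true;
}

/* Hardened pattern: snprintf() returns the length the full string would have
 * had. A value >= outlen means truncation; reject instead of using the path. */
bool build_path_checked(char *out, size_t outlen, const char *name)
{
    int n = snprintf(out, outlen, "%s%s%s", PREFIX, name, SUFFIX);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return false;
    }
    return true;
}

int main(void)
{
    char path[PATH_BUF_LEN];
    const char *names[] = { SHORT_NAME, LONG_NAME };

    for (size_t i = 0; i < 2; i++) {
        build_path_vulnerable(path, sizeof path, names[i]);
        printf("vulnerable: %-31s suffix kept: %s\n",
               path, has_suffix(path) ? "yes" : "NO");
        bool ok = build_path_checked(path, sizeof path, names[i]);
        printf("checked:    %-31s accepted: %s\n",
               ok ? path : "(rejected)", ok ? "yes" : "no");
    }
    return 0;
}
```

With the short name the extension survives in both variants; with the long name the vulnerable variant yields a path that no longer ends in `.json`, which is the extension bypass the post describes, while the checked variant refuses it. Checking the return value only closes the truncation hole: the name itself still needs canonicalisation and a confinement check before it touches the filesystem.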

foreign exception

How is catching Rust FFI panic possible?

4 minute read

How is it possible for C++ to catch a panic from a Rust function? Is it intended behavior? Let me show it and prove it with details from the source implementation!

research

subtype

A devil in Rust: Subtyping and Variance

7 minute read

The first time I tried to learn the concept of variance, I failed to figure it out. The first reason was that I couldn’t connect it with the concept of lifetimes. Another reason was that it was difficult for me to apply the concept of “&'a mut T is invariant over T” to real cases. Additionally, what the hell does “is invariant over” mean? Recently, I picked up this challenge again. After spending several days reading articles and debugging, I finally figured something out, and I hope my explanation and experience can help more people who are stuck in the same places.

symbolic execution

Play with Angr

14 minute read

I have put this note in my drafts for a long time 😜 Recently, I got a chance to play with it again in research. Here is the story of playing with Angr just like a baby.

unbounded lifetime

A devil in Rust: Subtyping and Variance

7 minute read

The first time I tried to learn the concept of variance, I failed to figure it out. The first reason was that I couldn’t connect it with the concept of lifetimes. Another reason was that it was difficult for me to apply the concept of “&'a mut T is invariant over T” to real cases. Additionally, what the hell does “is invariant over” mean? Recently, I picked up this challenge again. After spending several days reading articles and debugging, I finally figured something out, and I hope my explanation and experience can help more people who are stuck in the same places.

variance

A devil in Rust: Subtyping and Variance

7 minute read

The first time I tried to learn the concept of variance, I failed to figure it out. The first reason was that I couldn’t connect it with the concept of lifetimes. Another reason was that it was difficult for me to apply the concept of “&'a mut T is invariant over T” to real cases. Additionally, what the hell does “is invariant over” mean? Recently, I picked up this challenge again. After spending several days reading articles and debugging, I finally figured something out, and I hope my explanation and experience can help more people who are stuck in the same places.