| [Coke] | remaining types of errors reported in Snyk: Improper Null Termination; Dereference of a NULL Pointer; Use After Free; Missing release of memory after Effective Lifetime; Potential Buffer Overflow; Double Free | 12:08 | |
| github.com/MoarVM/MoarVM/blob/69cd...tf8.c#L647 seems a reasonable complaint about use after free, e.g. | 12:09 | ||
| .... ah, no it doesn't, because there's a throw in there | 12:10 | ||
| So more like it's not understanding our code base, I guess. | |||
| I suspect many of them are of that nature. | 12:11 | ||
| japhb | Better to deal with some false positives than have no visibility at all. Still, I'd feel better if it found something real, because then I'd know that it was looking deep enough. (I don't really believe you can have a previously unaudited codebase the size of MoarVM without at least *one* real bug existing.) | 15:00 | |
| [Coke] | Yup. Happy to share keys to Snyk with any core devs, but also understand we don't want to drown them with more crap. | 16:12 | |
| We can also scan the other moarvm repos we have that have patches in them from other places. | |||
| importing others (including the web site) | 16:31 | ||
|
18:30
librasteve_ joined
|
|||
| librasteve_ | rakudoweekly.blog/2025/09/22/2025-...clone-liz/ | 18:47 | |
|
21:59
librasteve_ left
|
|||