Re: Google Summer of Code projects for the GNU C Library.

[OndÅej BÃlka <neleai at seznam dot cz>]

On Fri, Feb 21, 2014 at 10:53:12AM -0500, Carlos O'Donell wrote:
> On 02/21/2014 07:53 AM, OndÅej BÃlka wrote:
> > On Fri, Feb 21, 2014 at 01:45:31AM +0000, Joseph S. Myers wrote:
> >> On Thu, 20 Feb 2014, Konstantin Serebryany wrote:
> >>
> >>> Idea for glibc GSoC project: instrument the glibc source with
> >>> AddressSanitizer (asan).
> >>> https://code.google.com/p/address-sanitizer/
> >>> goal #1: test glibc itself for bugs like stack or global buffer overflow.
> >>
> >> I suspect most interesting such bugs are for cases involving extreme (but 
> >> valid) input that's currently not covered by the testsuite.  In my 
> >> experience it's quite easy to find problems with memory allocation just by 
> >> looking for them; it might be interesting to have a project to review 
> >> allocations in glibc more thoroughly, especially where the size depends on 
> >> user input.
> >>
> > I already done review, most of these could be solved by not duplicating
> > same allocation pattern in 100 of places. Using malloca and saturated
> > arithmetic will dramaticaly cut number of possible errors.
> 
> Write up a project description for that?
> 
> https://sourceware.org/glibc/wiki/GSoC
> 
I had other things to do so I did not respond.

Anyway I am student would it be appropriate to get project for myself?

One problem is that there is plenty of work to do but I do not know what
will be most important in three months and what already done. I could
return to string functions I have plan for that but did not have time, spend time with
malloc where its fuzzy what exactly should be implemented.

Possibly something in adding general safety features, I send several wip
patches for that.

When is a deadline?