#integerOverflow

Grant Hutchinson splorp
2024-10-12

Recent addition to the Newton Glossary describing the “Year 2040 Problem”.



newtonglossary.com/terms/year-

Talya (she/her) 🏳️‍⚧️✡️ Yuvalne@433.world
2024-08-18
I'm on a 1111 day learning streak! 🔥 duolingo
2024-03-26

@Configures ...And Red Lion has released updates for Crimson 3.1 and 3.0 if you don't want to upgrade, or for hardware that needs older versions.

Lesson to all coders - when you use a computer to count, take a moment to think about what happens when you run off the end of what you're counting with. Different languages and systems do different things, and it may not be a problem - but spend the time to think about it, rather than just assuming it will count forever. #RedLion #Epoch #IntegerOverflow

🛡 H3lium@infosec.exchange/:~# :blinking_cursor: H3liumb0y@infosec.exchange
2024-03-26

Apple Products Remote Code Execution Vulnerability Report CVE-2024-1580 Integer Overflow in dav1d AV1 Decoder

Date: February 16, 2024
CVE: CVE-2024-1580
Sources: CVE.mitre.org, GitHub Advisory Database

Issue Summary

CVE-2024-1580 identifies a critical integer overflow vulnerability within the dav1d AV1 decoder. This issue arises when processing videos with large frame sizes, potentially leading to memory corruption within the decoder.

Technical Key findings

The vulnerability specifically affects the decoding process for large video frames in the dav1d AV1 decoder, where improper handling of size calculations can lead to integer overflow.

Vulnerable products

All versions of the dav1d AV1 decoder before 1.4.0 are affected by this vulnerability, including but not limited to:

  • macOS Sonoma 14.4.1
  • macOS Ventura 13.6.6
  • Safari 17.4.1

But also

  • VideoLAN Project (VLC player)

Impact assessment

Successful exploitation could result in memory corruption, which might allow an attacker to execute arbitrary code or cause a denial of service (DoS) condition on the targeted system.

Patches or workaround

Users are advised to upgrade to version 1.4.0 or later of the dav1d AV1 decoder to mitigate this vulnerability.

Tags

#CVE-2024-1580, #dav1d, #AV1decoder, #integerOverflow, #Apple #VLC #videolan

2024-03-23

@Configures
Red Lion released an update to the latest version of their Crimson 3.2 configuration software last night, less than 24 hours after the rollover event. That fix will be backported to previous versions by mid-next-week.
Kudos to Red Lion for their quick response - now it's time to start installing updates!
#RedLion #Epoch #IntegerOverflow

Red hot news on clock reset (32-bit unsigned integer overflow): Today, Red Lion automation controls system HMI clock issue! Users of certain Red Lion terminals are finding their units have frozen. When reset, they're coming back like it's Jan. 1, 1997, causing incorrect logs and other issues. The vendor is Red Lion and they are investigating. Customers may have to schedule service calls (in the field) to fix the issue. #RedLion #Epoch #IntegerOverflow Busy times for #Jenariah!

2023-12-18

@DrHyde I'd argue it's the second #IntegerOverflow test. Might have been signed!

David Cantrell 🏏 DrHyde@fosstodon.org
2023-12-18

Congratulations to #duolingo on passing the first #IntegerOverflow test!

Hurrah for me! A 2⁸ day streak on Duolingo!
Scripter :verified_flashing: scripter@social.tchncs.de
2023-11-29
2023-10-25

#Apple #iOS15 update (15.8) is available against "an app may be able to execute arbitrary code with kernel privileges" ...

support.apple.com/en-us/HT2139

#CVE2023_32434 #integerOverflow #vulnerability

aegilops :github::microsoft: aegilops@fosstodon.org
2023-02-04

@hywan gcc is not wrong though. You need to check upfront with a decent bounds check that what you will do is OK in C, rather than do it, then see if something undefined happened.

Unfortunately there weren't good tools in the C or C++ stdlib to do checking for a long time.

For C++: learn.microsoft.com/en-us/cpp/

C from C23 has builtins to do this, and each common compiler does too:
stackoverflow.com/questions/19

#IntegerOverflow #UndefinedBehavior #C #CPP
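Added example, not part of any post in this feed and not code from dav1d or any compiler project: the "check upfront" approach from the post above, applied to a signed addition and to the kind of frame-size calculation the CVE-2024-1580 post describes. All function names are hypothetical; `__builtin_mul_overflow` is the GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Signed add: test the operands first. Checking "a + b < a" afterwards
 * relies on undefined behaviour and may be optimised away. */
bool add_int_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Unsigned multiply: portable division-based pre-check. */
bool mul_size_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hypothetical frame-buffer sizing: width * height * bytes per pixel. */
bool frame_bytes(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    size_t pixels;
    return mul_size_checked(w, h, &pixels) && mul_size_checked(pixels, bpp, out);
}

/* Same calculation with the GCC/Clang builtin (true means it overflowed). */
bool frame_bytes_builtin(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    size_t pixels;
    return !__builtin_mul_overflow((size_t)w, (size_t)h, &pixels) &&
           !__builtin_mul_overflow(pixels, (size_t)bpp, out);
}

int main(void)
{
    size_t n = 0;
    int s = 0;
    bool ok = frame_bytes(1920, 1080, 4, &n);
    printf("1920x1080x4: ok=%d bytes=%zu\n", ok, n);
    printf("max*max*4:   ok=%d\n", frame_bytes_builtin(UINT32_MAX, UINT32_MAX, 4, &n));
    printf("INT_MAX + 1: ok=%d\n", add_int_checked(INT_MAX, 1, &s));
}
```

A caller should refuse the input when either function returns false, rather than allocating from a wrapped size.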

2021-05-10

Never say never! Warren Buffett caught up in integer overflow error… - 640Kbytes of RAM should be enough for anyone... nakedsecurity.sophos.com/2021/ #integeroverflow #vulnerability #nasdaq #brk-a
