Heyyy, so remember how I scanned all those x86-64 pkgs to see if they changed the behavior of floating point math related to handling of subnormal/denormals? And how I didn't bother to check other CPU archs because surely it was a weird x86 thing? Well...
Let's just take a quick look through the gcc source to see if there are any other implementations of crtfastmath.c, just to be safe. Oh. Oh no.
Well, probably they aren't setting CPU floating point state right? Let's just look at them one by one. How about sparc?
My sparc is a little rusty so let's check the manual to find out what "nonstandard" means... well this looks familiar.
How about MIPS? Also enables flush-to-zero via a hardware register.
Alpha? Same story. Maps denorms to zero as well as underflowed outputs.
Itanium was Intel's famously ambitious (and failed) attempt to redesign an architecture from the ground up. Did they take the opportunity to fix this bit of global state? Nope.
[The comment above that constant is my own annotation; the original was undocumented, so I had to go to the IA64 manual to decode the bitfield.]
Loongson is a CPU architecture from China that is pretty similar to MIPS, and indeed it is similar in this respect too:
But enough with all these old and weird obscure CPUs. How about ARM, which had shipped 100 billion chips as of 2017? I bet you can guess whether it, too, sets FTZ. (community.arm.com/arm-community-…)
Well, ARM is a product of its time (1985) and really a victim of its own success. When they had a chance to redo things in the move to 64-bit (AArch64), maybe they changed this? Welp.
In conclusion, I wish I hadn't looked
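The practical worry behind this thread is that crtfastmath.o (linked in by GCC when a program or shared object is built with -ffast-math) flips flush-to-zero and denormals-are-zero in the process-wide FP control register at startup, silently changing the arithmetic of every other library in the process. The following is an added example, not code from the thread author, that lets a process check at runtime whether subnormals still survive; the MXCSR bit values (FTZ = 0x8000, DAZ = 0x0040) are the documented x86 SSE ones, and the portable checks rely only on IEEE-754 semantics.

```c
#include <float.h>
#include <stdio.h>

#if defined(__SSE__)
#include <xmmintrin.h>
#endif

/* Returns 1 if subnormal doubles survive both as results and as inputs,
 * 0 if the current FP environment flushes them (FTZ) or zeroes subnormal
 * inputs (DAZ). volatile stops the compiler from folding the arithmetic
 * at build time, which would hide the runtime state we want to observe. */
int denormals_preserved(void)
{
    volatile double smallest_normal = DBL_MIN;        /* 2^-1022 */
    volatile double sub = smallest_normal / 2.0;      /* 2^-1023: subnormal */
    if (sub == 0.0)
        return 0;                                     /* FTZ: result flushed */
    volatile double back = sub * 2.0;                 /* subnormal as input */
    if (back != smallest_normal)
        return 0;                                     /* DAZ: input read as 0 */
    return 1;
}

/* Same check for single precision; FTZ/DAZ apply to both formats. */
int float_denormals_preserved(void)
{
    volatile float smallest_normal = FLT_MIN;         /* 2^-126 */
    volatile float sub = smallest_normal / 2.0f;      /* 2^-127: subnormal */
    if (sub == 0.0f)
        return 0;
    volatile float back = sub * 2.0f;
    return back == smallest_normal;
}

/* On x86 with SSE, read the FTZ and DAZ bits straight out of MXCSR.
 * Returns the masked bits (0 means both clear), or -1 where MXCSR does
 * not exist (other architectures keep the equivalent state elsewhere). */
int x86_ftz_daz_bits(void)
{
#if defined(__SSE__)
    unsigned int csr = _mm_getcsr();
    return (int)(csr & 0x8040u);                      /* FTZ | DAZ */
#else
    return -1;
#endif
}

int main(void)
{
    printf("double subnormals preserved: %d\n", denormals_preserved());
    printf("float  subnormals preserved: %d\n", float_denormals_preserved());
    printf("x86 FTZ|DAZ bits: %d\n", x86_ftz_daz_bits());
    return 0;
}
```

Running this from a process that has dlopen()ed a -ffast-math library is the quickest way to see whether the global state was changed behind your back; the arithmetic checks are the ones that transfer to the other architectures in the thread, since each keeps its flush-to-zero switch in a different register.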
OpenAI: pip install openai and set OPENAI_API_KEY
Anthropic: yea same but s/openai/anthropic/g
Google: oh boy. ok so you have a GCP account? no? ok go set that up. and a payment method. now make a "project". SURVEY POPUP! k now gcloud auth. wait you have the gcloud CLI right–
I haven't even mentioned the odd step of "enable the Vertex API in your project", or that when you finally get to "install the Python library" it kicks off another sidequest of installing something called the Vertex Python SDK and writing extra code to initialize it??
The gcloud CLI installer is now trying to con me into letting it install its own Python version. NICE TRY BUDDY
Here's a quick tour through one of my favorites, where @XBOW not only solved the benchmark (a Jenkins RCE) but then went for style points by debugging a slightly broken benchmark setup to get the flag!
I gave Claude 3 the entire source of a small C GIF decoding library I found on GitHub, and asked it to write me a Python function to generate random GIFs that exercised the parser. Its GIF generator got 92% line coverage in the decoder and found 4 memory safety bugs and one hang.
Here's the fuzzer Claude wrote, along with the program it analyzed, its explanation, and a Makefile: gist.github.com/moyix/02029770…
1. Rent a bigger EC2 server. I was using a T2.micro which seemed like more than enough while I was testing. But with a bunch of teams hammering at it, the fact that it has only one CPU started to make things slow.
2. Kill the child procs (one is started for each new connection on the main port) after some idle time. As it was if there was a dangling connection it could sit there indefinitely; during the competition the load on the server went above 20 and I had to manually kill some procs.
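The second lesson, reaping a forked child once its client goes quiet, is usually done with a receive timeout on the connected socket rather than manual process killing. The block below is an added example and not the challenge's own server code; it assumes a fork-per-connection design like the one described, and the function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Arm a receive timeout on a connected socket so a client that stops
 * talking cannot pin a forked child forever. Returns 0 on success, -1 on
 * error (errno set by setsockopt). */
int set_idle_timeout_ms(int fd, int ms)
{
    struct timeval tv = { .tv_sec = ms / 1000, .tv_usec = (ms % 1000) * 1000 };
    return setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
}

/* recv() that separates "idle timeout expired" from a real failure.
 * Returns bytes read, 0 on EOF, -2 on idle timeout, -1 on other errors. */
ssize_t recv_or_idle(int fd, void *buf, size_t len)
{
    ssize_t n = recv(fd, buf, len, 0);
    if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK))
        return -2;
    return n;
}

/* Body of the per-connection child: echo until EOF, error or idle timeout,
 * then return so the caller can close the socket and _exit(). Returns the
 * number of bytes echoed, or -1 if the timeout could not be armed. */
long handle_client(int fd, int idle_ms)
{
    char buf[512];
    long total = 0;
    if (set_idle_timeout_ms(fd, idle_ms) < 0)
        return -1;
    for (;;) {
        ssize_t n = recv_or_idle(fd, buf, sizeof buf);
        if (n <= 0)
            break;                 /* EOF, error or idle: child is done */
        if (send(fd, buf, (size_t)n, 0) != n)
            break;
        total += n;
    }
    return total;
}

/* Stand-alone demo over a socketpair: the "client" side sends nothing, so
 * the handler returns after the 200 ms idle timeout instead of blocking. */
int main(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        perror("socketpair");
        return 1;
    }
    long echoed = handle_client(sv[0], 200);
    printf("handler returned after echoing %ld bytes\n", echoed);
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

In the real server the parent still needs to reap exited children (a SIGCHLD handler calling waitpid() with WNOHANG) or the idle timeout only turns hung children into zombies.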
Will still try to do a blog post on my @CSAW_NYUTandon CTF challenge, NERV Center, but for now here's a thread explaining the key mechanics. I put a lot of work into the aesthetics, like this easter egg credit sequence (all ANSI colors+unicode text) that contains key hints:
@CSAW_NYUTandon (Note the karaoke subtitles timed to the credits at the bottom 😁)
@CSAW_NYUTandon First, the vulnerability. If you read the man page for select(), you'll see this warning: select() is limited to monitoring file descriptors numbered less than 1024. But modern systems can have many more open files, and importantly the kernel select() interface is NOT limited.
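The man page warning quoted above is about the userspace side: glibc's fd_set is a fixed bitmap of FD_SETSIZE (1024) bits, so FD_SET() on a larger descriptor writes outside that bitmap while the kernel happily accepts any fd count. The following is an added example, not part of the challenge or the thread, showing the two defensive options a server has: a bounds-checked wrapper around FD_SET(), and poll(), which has no fixed descriptor limit. Function names are hypothetical.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Bounds-checked FD_SET(): refuses any descriptor that does not fit in the
 * fd_set bitmap instead of writing past its end. Returns 0 on success,
 * -1 with errno = EINVAL when fd is out of range. */
int fd_set_checked(fd_set *set, int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* poll() takes an array of struct pollfd rather than a bitmap, so it works
 * for descriptors of any number. Returns 1 if fd becomes readable (or hits
 * EOF/hangup) within timeout_ms, 0 on timeout, -1 on error. */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int r;
    do {
        r = poll(&p, 1, timeout_ms);
    } while (r < 0 && errno == EINTR);
    if (r <= 0)
        return r;
    return (p.revents & (POLLIN | POLLHUP)) ? 1 : 0;
}

int main(void)
{
    fd_set set;
    FD_ZERO(&set);
    printf("fd %d accepted: %d\n", FD_SETSIZE - 1,
           fd_set_checked(&set, FD_SETSIZE - 1) == 0);
    printf("fd %d accepted: %d\n", FD_SETSIZE,
           fd_set_checked(&set, FD_SETSIZE) == 0);

    int pf[2];
    if (pipe(pf) < 0) {
        perror("pipe");
        return 1;
    }
    printf("empty pipe readable: %d\n", wait_readable(pf[0], 10));
    if (write(pf[1], "x", 1) != 1)
        return 1;
    printf("pipe with data readable: %d\n", wait_readable(pf[0], 100));
    return 0;
}
```

A process that raises its open-file limit above 1024 (or, like a CTF server, accepts many concurrent connections) should treat any remaining select() call as a bug to migrate to poll() or epoll; the checked wrapper is a stopgap that at least turns the out-of-bounds write into a clean error.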