Sure, I think it might be in poor form to give an exhaustive list of such commits, but here’s a fairly representative sample:
ffmpeg 3e8bec78: buffer overflow
ffmpeg 55bf0e6c: use after free
ffmpeg 39e19693: buffer overflow
libxml2 538b2e38: integer overflow which allows out-of-bounds write
libxml2 edb5f22d: null pointer dereference
libpng 747dd022: null pointer dereference
libplist 6e03a1df: actually not directly pointers-are-hard-related: validate xml structure
Note that the folks doing this were prolific. None of these were particularly impressive in isolation; what’s impressive is the sheer volume of fixes. In pretty much every major library where you’d expect vulns to exist but not have been caught yet due to a lack of eyes, there are 2-5 fixes.
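The "integer overflow which allows out-of-bounds write" entry in the list above is the same bug class over and over in C codebases: a size is computed as `count * elem_size`, the product wraps, a small buffer is allocated, and a loop driven by the original `count` writes past it. The following is an added, constructed illustration of that pattern and its checked form; it is not code from libxml2 or any of the projects listed, and the function names (`naive_buffer_size`, `checked_buffer_size`, `alloc_records`) are made up for this example. It uses 32-bit sizes so the wraparound is deterministic on every platform.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed example of the integer-overflow-to-OOB-write bug class.
   Not taken from any of the projects named above. */

/* Naive size computation: the product wraps silently when it exceeds
   UINT32_MAX, so a huge count can yield a tiny size. This function only
   computes the value so the wraparound can be observed; it never
   allocates with it. */
uint32_t naive_buffer_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;   /* e.g. 0x40000001 * 4 wraps to 4 */
}

/* Checked version: refuse the request when the product cannot be
   represented. Returns 0 to signal failure; 0 is never a valid result
   because zero-sized requests are rejected up front. */
uint32_t checked_buffer_size(uint32_t count, uint32_t elem_size) {
    if (count == 0 || elem_size == 0) return 0;
    if (count > UINT32_MAX / elem_size) return 0;   /* would overflow */
    return count * elem_size;
}

/* Allocate and zero-fill `count` records of `elem_size` bytes each.
   Because the size is validated first, the fill loop (driven by the
   original `count`) can never run past the allocation. The malloc
   result is also checked, covering the null-dereference class from
   the same list. Caller frees the result. */
unsigned char *alloc_records(uint32_t count, uint32_t elem_size) {
    uint32_t total = checked_buffer_size(count, elem_size);
    if (total == 0) return NULL;            /* overflow or zero-sized request */
    unsigned char *buf = malloc(total);
    if (buf == NULL) return NULL;           /* allocation failure */
    for (uint32_t i = 0; i < count; i++)
        memset(buf + (size_t)i * elem_size, 0, elem_size);
    return buf;
}

int main(void) {
    /* A count chosen so that count * 4 wraps to 4 in 32-bit arithmetic. */
    uint32_t evil_count = 0x40000001u;
    printf("naive size:   %u\n", naive_buffer_size(evil_count, 4));
    printf("checked size: %u\n", checked_buffer_size(evil_count, 4));
    unsigned char *p = alloc_records(evil_count, 4);
    printf("alloc_records with wrapping count -> %s\n", p ? "buffer" : "NULL");
    free(p);
    p = alloc_records(3, 8);
    printf("alloc_records(3, 8) -> %s\n", p ? "buffer" : "NULL");
    free(p);
    return 0;
}
```

The check `count > UINT32_MAX / elem_size` is the standard pre-multiplication test; it is exact for unsigned operands and avoids relying on compiler builtins, though `__builtin_mul_overflow` does the same job where available.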