Hi Norman,
I've sent an email with a proposed patch to bugs@genode.org.
/ptw
Hello Piotr,
On 05.11.20 14:00, Piotr Tworek wrote:
> I've recently stumbled upon a use-after-free bug in one of the Genode core base classes. I think I have a pretty good understanding of the problem and would like to file a bug report with my findings. Given the potential security implications of UAF-type bugs, I'm not sure what is the best course of action here. Should I report this using the GitHub issue tracker, which AFAIU will result in the report being public? Or is there some other way to report bugs like this?
I greatly appreciate your sense of responsibility.
In cases like this, when the reach of the problem is uncertain, please let us first discuss the issue privately by writing to 'bugs@genode.org'.
All developers at Genode Labs can follow and participate in the discussion, and contribute to the assessment of risk and the further coordination.
Best regards
Norman