The GMP library uses asserts to crash a program at runtime when presented with data it did not anticipate. The library also ignores user requests to remove asserts using Posix's -DNDEBUG. Asserts are a debugging aide intended for development, and using them in production software ranges from questionable to insecure.
0ea40e7538d79e469e463d38a347c76e3de72e41c94a58fb82435611a73a68ac
This paper offers incremental research in the area of untrusted program input via synchronization handle manipulations. Unlike the Michal Zalewski paper on Delivering Signals for Fun and Profit, this paper focuses on the source of the Unix signal handlers. Tested were personal computers running Windows XP and Vista. The synchronization objects were mutexes and events, and the security software included products from AVG, Avast, Avira, BitDefender, BullGuard, CheckPoint, Eset, F-Prot, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials), Nor- man, Norton, Panda, PC Tools, Quick Heal, Symantec, and Trend Micro.
18409a8b03683d7197b587b4852f899980f92cd46bb417ee6903700ce8d70d62