[llvm-dev] "Trojan Source" response
Serge Guelton via llvm-dev
llvm-dev at lists.llvm.org
Mon Nov 1 13:38:22 PDT 2021
As a response to CVE-2021-42574, aka Trojan Source [0], several clang-tidy
passes are under review to detect (i) unterminated bidi characters (ii)
unicode identifiers with right-to-left direction and (iii) confusable
identifiers detections.
The LLVM security group got contacted three months ago on that topic, the
thread is now public [1].
Feel free to contribute to the review on Phabricator
https://reviews.llvm.org/D112913
https://reviews.llvm.org/D112914
https://reviews.llvm.org/D112916
[0] https://www.trojansource.codes/
[1] https://bugs.chromium.org/p/llvm/issues/detail?id=11
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20211101/5ddc94e4/attachment.html>
More information about the llvm-dev
mailing list