https://miscreants.github.io/blog.trailofbits.com/categories/c/c++/Recent content in c/c++ on The Trail of Bits BlogHugoen-usTue, 16 Dec 2025 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/Tue, 16 Dec 2025 07:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/12/16/use-gwp-asan-to-detect-exploits-in-production-environments/GWP-ASan is a sampling-based memory error detection tool that catches critical bugs like use-after-free and buffer overflows in production environments with near-zero performance overhead, unlike AddressSanitizer which is too resource-intensive for deployment.https://miscreants.github.io/blog.trailofbits.com/2025/09/25/taming-2500-compiler-warnings-with-codeql-an-openvpn2-case-study/Thu, 25 Sep 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/09/25/taming-2500-compiler-warnings-with-codeql-an-openvpn2-case-study/We created a CodeQL query that reduced 2,500+ compiler warnings about implicit conversions in OpenVPN2 to just 20 high-priority cases, demonstrating how to effectively identify potentially dangerous type conversions in C code.https://miscreants.github.io/blog.trailofbits.com/2023/12/06/publishing-trail-of-bits-codeql-queries/Wed, 06 Dec 2023 08:30:25 -0500https://miscreants.github.io/blog.trailofbits.com/2023/12/06/publishing-trail-of-bits-codeql-queries/We are publishing a set of custom CodeQL queries for Go and C. We have used them to find critical issues that the standard CodeQL queries would have missed. This new release of a continuously updated repository of CodeQL queries joins our public Semgrep rules and Automated Testing Handbook in an effort […]