skip to content
Back to
Home Bounties Research Advisories CodeQL Wall of Fame Get Involved Events

July 07, 2020 - 11am PDT

LiveQL episode 1: finding non-intuitive string manipulation vulnerabilities in C code

Livestream — Virtual

We often see the same types of bugs repeated in code. What if we could detect an entire bug class and report all of its occurrences at once? What if we could automate this detection for any Pull Request so we can catch bugs before they ever enter your code?

In our LiveQL video series we pair a security researcher and an experienced CodeQL writer to explore a vulnerability class and capture its essence as a CodeQL query.

If you’re new to CodeQL, you will discover how to use it to automate and accelerate your variant analysis, and if you are already a CodeQL user, you’ll learn more about CodeQL libraries, debugging tips and tricks, and much more.

In this episode, we’ll explore how the non-intuitive return values of strlcat and strlcpy can lead to all sorts of problems in your code and how we can use a CodeQL query to detect potential issues in how these functions are used.

Watch the video

Join us on Tuesday July 07, 2020, at 11am PDT (Pacific Time) on

View event site
← Back to all events

To keep this community open and welcoming, please read our Code of Conduct.