aclements/libelfin

Could libelfin benefit from free security help?


Hello libelfin community! Open Source Technology Improvement Fund is piloting out helping critical projects like libelfin with their security needs. We have some resources dedicated to helping improve security posture and tooling. I wasn't sure how best to reach out. Please let me know if this sounds interesting and who to connect with. Thank you in advance!

That would be good. The project is easy to use but seems to suffer from many unfixed security issues.

Update: adding GCC builtins to do overflow checks and similar checks might help:
https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
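
The kind of check the comment above points to, as an added example that is not part of the original thread and not libelfin code: validating untrusted ELF-style offsets and sizes with `__builtin_add_overflow` and `__builtin_mul_overflow` (available in GCC and Clang). The helper names and the sample values are hypothetical, constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical helper (not a libelfin API): true if [offset, offset + size)
// lies inside a file of file_len bytes. offset and size are untrusted, as they
// would be when read from a section header.
bool range_in_file(std::uint64_t offset, std::uint64_t size, std::uint64_t file_len)
{
    std::uint64_t end;
    // Returns true when the exact sum does not fit in `end`.
    if (__builtin_add_overflow(offset, size, &end))
        return false;
    return end <= file_len;
}

// Naive form for comparison: offset + size wraps modulo 2^64, so a huge
// offset combined with a small size passes the check.
bool range_in_file_naive(std::uint64_t offset, std::uint64_t size, std::uint64_t file_len)
{
    return offset + size <= file_len;
}

// Hypothetical helper: byte size of a table of `count` entries of `entsize`
// bytes each. Fails if the exact product does not fit in size_t, which also
// covers narrowing on 32-bit targets.
bool table_bytes(std::uint64_t count, std::uint64_t entsize, std::size_t *out)
{
    return !__builtin_mul_overflow(count, entsize, out);
}

int main()
{
    // Constructed sample values: a 4096-byte file and a wrapping offset.
    const std::uint64_t file_len = 4096;
    const std::uint64_t bad_off = 0xFFFFFFFFFFFFFFF8ULL;
    std::printf("naive accepts wrap:   %d\n", range_in_file_naive(bad_off, 16, file_len));
    std::printf("checked accepts wrap: %d\n", range_in_file(bad_off, 16, file_len));
    std::size_t n = 0;
    std::printf("64 * 40 fits: %d (%zu bytes)\n", table_bytes(64, 40, &n), n);
    return 0;
}
```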