OSTIF (Open Source Technology Improvement Fund) has recently announced the completion of an independent audit project on the code of LLVM, a popular open-source project. The audit was carried out by the English company Ada Logics, with the goal of strengthening the security of the LLVM codebase.
During the audit, the code covered by fuzz testing grew substantially, from 1.1 million to 2.4 million lines. The set of fuzzing tools in use was also expanded, and the number of fuzz targets checked rose from 12 to 15.
As a result of the audit, 12 new problems were identified in the LLVM codebase. Eight of these were memory-safety bugs: six buffer overflows and two use-after-free accesses to already freed memory. The remaining four consisted of three null pointer dereferences and one out-of-bounds read from beyond the allocated buffer.