Each of these came from manual source review — diffing a function against its safe siblings and git history, hypothesizing the missing invariant, then confirming with a sanitizer and shipping the patch upstream.
smb_check_perm_dacl() failed to verify an ACE was large enough to hold its declared sub-authorities, letting an authenticated client trigger an OOB read past the security-descriptor allocation via a crafted ACL stored with SMB2_SET_INFO and read on a later SMB2_CREATE. Fixed by adding the missing bounds check before dereference; Cc'd to stable.
An attacker-controlled class_type index parsed from an untrusted flatbuffer model was used in an unchecked operator[] and dereferenced — a wild pointer dereference reachable from torch.jit.load. The FlatBuffers verifier validates structure but not this cross-reference, so a crafted module passes verification yet SIGSEGVs. Fix routes both registration sites through the bounds-checked accessor with a null guard.
parse_authority() normalized the URL before decoding, so a %2e-encoded host could bypass the SSRF filter. Responsibly disclosed and under review.
ntfs_readdir() dereferenced an unvalidated on-disk entries_offset, attacker-reachable via getdents64() on a read-only mounted image. Fixed by validating the offset before dereference; submitted to linux-fsdevel.
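The ksmbd and ntfs3 entries above share one bug shape: a length or offset read from attacker-controlled bytes is trusted before it is checked against the allocation it indexes. The following is an added illustration of that check, not code from ksmbd, ntfs3 or any of the patches described; the ACL/ACE/SID byte layouts are simplified, hypothetical stand-ins for the SMB security-descriptor shapes, and the inputs are constructed here. Every declared size is validated against the bytes actually available before anything at that size or offset is dereferenced, and the crafted inputs show the two ways a sub-authority count or ACE size can overrun the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical, simplified little-endian layouts (NOT ksmbd's structs):
 *   ACL: revision(1) pad(1) acl_size(2) ace_count(2) pad(2)      = 8 bytes
 *   ACE: type(1) flags(1) ace_size(2) access_mask(4) sid...      = 8 + sid
 *   SID: revision(1) num_subauth(1) authority(6) subauth[n]*4    = 8 + 4n
 */
enum { ACL_HDR = 8, ACE_HDR = 8, SID_HDR = 8, SID_MAX_SUBAUTH = 15 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the ACE's byte length, or 0 if any declared size does not fit in
 * [ace, ace + avail). Each length is checked before it is used as a bound. */
static size_t parse_ace(const uint8_t *ace, size_t avail, uint32_t *rid_out)
{
    if (avail < ACE_HDR + SID_HDR) return 0;
    size_t ace_size = rd16(ace + 2);
    if (ace_size < ACE_HDR + SID_HDR || ace_size > avail) return 0;  /* ACE past allocation */
    const uint8_t *sid = ace + ACE_HDR;
    uint8_t n = sid[1];
    if (n > SID_MAX_SUBAUTH) return 0;
    /* The check the ksmbd entry describes as missing: declared sub-authorities
     * must fit inside the ACE that carries them. */
    if (SID_HDR + (size_t)n * 4 > ace_size - ACE_HDR) return 0;
    if (rid_out) *rid_out = n ? rd32(sid + SID_HDR + (size_t)(n - 1) * 4) : 0;
    return ace_size;
}

/* Walks the ACL. Returns the number of ACEs validated, or -1 at the first
 * malformed one. The running ACE offset is checked against the ACL's declared
 * size, which is itself checked against the allocation, before any read. */
int validate_acl(const uint8_t *buf, size_t buf_len)
{
    if (buf_len < ACL_HDR) return -1;
    size_t acl_size = rd16(buf + 2);
    if (acl_size < ACL_HDR || acl_size > buf_len) return -1;
    uint16_t count = rd16(buf + 4);
    size_t off = ACL_HDR;
    for (uint16_t i = 0; i < count; i++) {
        if (off >= acl_size) return -1;          /* offset past declared ACL */
        size_t len = parse_ace(buf + off, acl_size - off, NULL);
        if (!len) return -1;
        off += len;
    }
    return count;
}

/* Constructed ACE builder (test data, not captured traffic): declared_size and
 * num_subauth are what the bytes claim; actual_subauth is what is really there. */
static size_t put_ace(uint8_t *out, uint16_t declared_size, uint8_t num_subauth, uint8_t actual_subauth)
{
    size_t len = ACE_HDR + SID_HDR + (size_t)actual_subauth * 4;
    memset(out, 0, len);
    out[2] = (uint8_t)(declared_size & 0xff);
    out[3] = (uint8_t)(declared_size >> 8);
    out[ACE_HDR] = 1;                 /* SID revision */
    out[ACE_HDR + 1] = num_subauth;
    out[ACE_HDR + 7] = 5;             /* NT authority */
    for (uint8_t i = 0; i < actual_subauth; i++) out[ACE_HDR + SID_HDR + i * 4] = (uint8_t)(i + 1);
    return len;
}

static int build_and_check(uint16_t declared_size, uint8_t num_subauth)
{
    uint8_t buf[64] = {0};
    size_t n = ACL_HDR + put_ace(buf + ACL_HDR, declared_size, num_subauth, 2);
    buf[0] = 2; buf[2] = (uint8_t)n; buf[4] = 1;      /* one ACE, sizes match reality */
    return validate_acl(buf, n);
}

/* S-1-5-1-2 in a 24-byte ACE: sizes agree with the bytes present. */
int well_formed_acl(void) { return build_and_check(24, 2); }

/* SID claims 15 sub-authorities but the ACE holds 2: a naive reader walks
 * 52 bytes past the end of the buffer. Rejected at the sub-authority check. */
int crafted_acl(void)     { return build_and_check(24, 15); }

/* ACE claims 60 bytes inside a 32-byte ACL: rejected at the ACE-size check. */
int oversized_acl(void)   { return build_and_check(60, 15); }

int main(void)
{
    printf("well-formed: %d, crafted: %d, oversized: %d\n",
           well_formed_acl(), crafted_acl(), oversized_acl());
    return 0;
}
```

The ntfs3 entry is the same check with an offset instead of a count: the on-disk entries_offset must be validated against the record it indexes, exactly as the ACE offset here is validated against acl_size before the ACE is parsed.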