Seattle · Security & Vulnerability Research

I find memory-safety bugs by reading the code, and ship the fix upstream.

Security engineer at Amazon. I read production C/C++ and systems code looking for the one path that drifted from its safe siblings — a missing bounds check, an unchecked attacker-controlled index — then prove it with a sanitizer and send the patch upstream.

hemparekh1596@gmail.com github.com/Hem1700 linkedin

Selected findings

Heap out-of-bounds read in the Linux kernel's SMB server

Applied · stable

smb_check_perm_dacl() failed to verify an ACE was large enough to hold its declared sub-authorities, letting an authenticated client trigger an OOB read past the security-descriptor allocation. Fixed by adding the missing bounds check; Cc'd to stable.

linux · fs/smb/server/smbacl.c · ksmbd
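
The class of check described above, sketched as an added example that is not the kernel's code or the upstream patch: an ACE's declared sub-authority count is validated against both its own size field and the enclosing buffer before anything reads the array. The byte layout, the sample ACEs and the names `ace_validate` and `dacl_count_valid` are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed, simplified ACE layout (an assumption, not the kernel structs):
 *  0 type  1 flags  2 size(le16)  4 access(le32)
 *  8 sid.revision  9 sid.num_subauth  10 authority[6]  16 sub_auth[] (le32 each) */
#define ACE_HDR_LEN   8u
#define SID_FIXED_LEN 8u
#define SID_MAX_SUB   15u   /* maximum sub-authorities in a Windows SID */
enum { ACE_OK = 0, ACE_TRUNCATED = -1, ACE_BAD_SIZE = -2, ACE_BAD_SUBAUTH = -3 };
/* Constructed samples: one honest ACE, one that declares 5 sub-authorities
 * but whose size (and buffer) only covers the fixed part. */
const uint8_t good_ace[20]  = {0,0, 20,0, 1,0,0,0, 1,1, 0,0,0,0,0,5, 0x12,0,0,0};
const uint8_t lying_ace[16] = {0,0, 16,0, 1,0,0,0, 1,5, 0,0,0,0,0,5};

/* Validate the ACE at buf[off] before anything reads its sub-authorities. */
int ace_validate(const uint8_t *buf, size_t len, size_t off, uint16_t *ace_size)
{
    if (off > len || len - off < ACE_HDR_LEN + SID_FIXED_LEN)
        return ACE_TRUNCATED;               /* fixed fields not in buffer */
    uint16_t size = (uint16_t)(buf[off + 2] | (buf[off + 3] << 8));
    uint8_t nsub = buf[off + 9];
    if (size < ACE_HDR_LEN + SID_FIXED_LEN || size > len - off)
        return ACE_BAD_SIZE;                /* size field disagrees with buffer */
    if (nsub > SID_MAX_SUB || size < ACE_HDR_LEN + SID_FIXED_LEN + 4u * nsub)
        return ACE_BAD_SUBAUTH;             /* declared sub_auth[] overruns ACE */
    *ace_size = size;
    return ACE_OK;
}

/* Walk num_aces entries; return the count, or the first negative status. */
int dacl_count_valid(const uint8_t *buf, size_t len, unsigned num_aces)
{
    size_t off = 0;
    for (unsigned i = 0; i < num_aces; i++) {
        uint16_t sz;
        int rc = ace_validate(buf, len, off, &sz);
        if (rc != ACE_OK) return rc;
        off += sz;
    }
    return (int)num_aces;
}

int main(void)
{
    printf("good=%d lying=%d\n", dacl_count_valid(good_ace, sizeof good_ace, 1),
           dacl_count_valid(lying_ace, sizeof lying_ace, 1));
}
```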

Crashing PyTorch with a 176-byte model file

Open PR

An attacker-controlled class_type index from an untrusted flatbuffer was used in an unchecked operator[] and dereferenced — a crafted module passes the verifier yet SIGSEGVs. Fix routes both call sites through the bounds-checked accessor.

pytorch · torch/csrc/jit/mobile/flatbuffer_loader.cpp