Hi, my name is 李秋豪 (lǐ qiū háo), a script kiddie who wants to be a hacker.

Now I am doing a master’s degree in cyberspace security at Harbin Institute of Technology.

My main interests are vulnerability discovery and virtualization.

News:

• Aug 2021
  • [Vulnerability Disclosure] QEMU/ehci: Reentry flaw leads to UAF .txt
• Jul 2021
  • [Chinese Note] 调研报告：并行与集成模糊测试 v0.2.0 .pdf
• Apr 2021
  • [Patch] SPICE/libspice-server: Fix nullptr dereference in red-parse-qxl.cpp freedesktop.org
• Mar 2021
  • [Chinese Note] QEMU/fuzz: 通过配比IO操作符权重以提升fork(2)质量 .pdf
• Feb 2021
  • [Vulnerability Disclosure] FFmpeg/libavcodec: Double free hevc context .txt
  • [Vulnerability Disclosure] GNOME/libgxps: Mishandle NULL pointer in the converter .txt
  • [Presentation] Practical Tutorial: A script kiddie’s fuzzing trip .pdf
• Jan 2021
  • [Bug Report] GNU Coreutils: Heap underflow when expr(1) mishandles unmatched \(...\) in regular expressions github.com
  • [Patch] QEMU/rtl8139: Mitigate DMA to MMIO regions while fuzzing .txt
• Dec 2020
  • [Fuzzing] QEMU/oss-fuzz: improve crash case minimization lists.nongnu.org
  • [Bug Report] qemu-system-i386 virtio-vga: Assertion in address_space_stw_le_cached failed again bugs.launchpad.net
• Oct 2020
  • [Paper Review] USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation .txt
  • [Vulnerability Disclosure] QEMU/Slirp: OOB access while processing ARP/NCSI packets .txt
• Jan 2020
  • [Project] Hack-Linux-0.11: Ancient OS labs github.com
• Obsolete
  • [Chinese Blog] 博客园（主要记录了我的本科学习与生活） cnblogs.com
• Eternal
  • [Links] Some of my homies :) .txt
  • [Album] Life is fantastic! img/

Contact:

• [PGP Key ID] 0x97D8EBB963859868
• [Email] Qiuhao DOT Li AT outlook DOT com