Top bug-hunters
The following individuals have been awarded Tarsnap bug bounties:

| Name | Total value | Number of bounties |
|---|---|---|
| Ralph Corderoy | $1029 | 140 |
| Taylor R Campbell | $500 | 1 |
| Carlo Teubner | $190 | 7 |
| Tavis Ormandy | $100 | 1 |
| Ian Gallagher | $100 | 1 |
| Ralph Smith | $100 | 1 |
| Scott Newell | $38 | 29 |
| Shachaf Ben-Kiki | $30 | 21 |
| Tim van der Molen | $30 | 3 |
| Michael Stevens | $12 | 3 |
| Brian St. Pierre | $25 | 7 |
| Ville Aine | $21 | 3 |
| Jeff Flowers | $10 | 1 |
| Jim Apple | $7 | 7 |
| Eitan Adler | $5 | 5 |
| Nathan Baum | $5 | 1 |
| Hasnain Lakhani | $4 | 4 |
| Lars Balker Rasmussen | $3 | 3 |
| Zachary Burt | $2 | 2 |
| Christian Brueffer | $2 | 2 |
| David Browne | $1 | 1 |

Major bugs ($500+)
Minor bugs ($20-499)

| Name | Value | Fixed in | Bug |
|---|---|---|---|
| Tavis Ormandy | $100 | 1.0.31 | Race condition in key file creation with weak umask |
| Ian Gallagher | $100 | n/a | Missing HTML encoding in web interface |
| Ralph Smith | $100 | 1.0.32 | Broken --nodump handling on Linux |
| Ralph Corderoy | $50 | 1.0.30 | Tarsnap ships with unused parts of libarchive |
| Ralph Corderoy | $50 | 1.0.30 | readdir failure can result in files/directories being silently not archived |
| Ralph Corderoy | $50 | 1.0.30 | Incorrect overflow handling when parsing base-10 values in mtree files |
| Ralph Corderoy | $50 | 1.0.30 | Incorrect overflow handling when parsing base-16 values in mtree files |
| Ralph Corderoy | $50 | 1.0.30 | Failure to parse base-16 values in mtree files |
| Ralph Corderoy | $50 | 1.0.30 | Missing handling of chdir errors when completing directory tree traversal |
| Ralph Corderoy | $50 | 1.0.30 | UTF8-to-wchar_t conversion can walk past the end of a corrupt string |
| Carlo Teubner | $50 | 1.0.30 | Incorrect handling of ~ in tarsnap -s path substitutions |
| Carlo Teubner | $50 | 1.0.30 | Possible cachedir corruption if tarsnap is killed at the wrong time |
| Carlo Teubner | $50 | 1.0.31 | Possible tarsnap crash in @archive processing with truncated ISO |
| Ralph Corderoy | $20 | 1.0.30 | Build breakage with out-of-directory builds |
| Ralph Corderoy | $20 | 1.0.30 | keygen/keyregen fails incorrectly with --machine '' |

Harmless bugs ($10-19)

| Name | Total Value | Number of bounties |
|---|---|---|
| Ralph Corderoy | $560 | 56 |
| Carlo Teubner | $40 | 4 |
| Tim van der Molen | $30 | 3 |
| Brian St. Pierre | $20 | 2 |
| Ville Aine | $20 | 2 |
| Shachaf Ben-Kiki | $10 | 1 |
| Jeff Flowers | $10 | 1 |
| Michael Stevens | $10 | 1 |
| Scott Newell | $10 | 1 |

Cosmetic errors ($1-9)

| Name | Total Value | Number of bounties |
|---|---|---|
| Ralph Corderoy | $79 | 75 |
| Scott Newell | $28 | 28 |
| Shachaf Ben-Kiki | $20 | 20 |
| Jim Apple | $7 | 7 |
| Eitan Adler | $5 | 5 |
| Brian St. Pierre | $5 | 5 |
| Nathan Baum | $5 | 1 |
| Hasnain Lakhani | $4 | 4 |
| Lars Balker Rasmussen | $3 | 3 |
| Zachary Burt | $2 | 2 |
| Michael Stevens | $2 | 2 |
| Christian Brueffer | $2 | 2 |
| Ville Aine | $1 | 1 |
| David Browne | $1 | 1 |