
Buffer overflows are a fantastic reason to develop secure code linters. I'll let you know when we figure out how to make one that can count reliably.


Make sure that it can also divide. My favourite Coverity glitch is when it looked at some IPv6 code and announced "assuming i % 8 != 0" and "assuming i == 128" at the same time. (And then claimed that we would access ipv6addr[16].)



