
Wow, just the process of sneaking in this exploit has layers. Here, it's the presentation of diffs with "+" and "-" line prefixes creating noise that's easy to miss. I bet we'll start seeing tools add a divider between the prefix column and the contents to make changes like this easier to spot.

That said, does GCC accept every non-printing character as whitespace? If not, they could probably have achieved the same thing with a narrow-nonbreaking-space character or similar.




I got curious, so:

     ~/t [main L|…1]$ gcc test.c
     ~/t [main L|…1]$ vi test.c
     ~/t [main L| 1…1]$ git diff
    diff --git a/test.c b/test.c
    index 33c14ce..dc93007 100644
    --- a/test.c
    +++ b/test.c
    @@ -1,3 +1,3 @@
     int main() {
    -    return 0;
    +   return 0;
     }
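
Review bot: the `+   return 0;` line is not a pure indentation change. The compiler run that follows this diff reports `<U+0008>` at test.c:2:5, so the added line carries a backspace control character that the diff rendering does not show. Inspect whitespace-only hunks like this one at the byte level (for example `git diff | cat -v`, which prints the backspace as `^H`) and reject added lines containing control characters other than tab.
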
     ~/t [main L| 1…1]$ gcc test.c
    test.c:2:5: error: expected expression
        <U+0008>return 0;
        ^
    1 error generated.
So, yes, this could have been made to look exactly like a meaningless whitespace change.
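
A check for this class of change, as an added example that is not part of the thread: it walks a unified diff and reports every invisible or blank-looking character on an added line. The names `is_suspicious` and `scan_diff`, the choice of Unicode categories, and the sample diff (constructed, modelled on the `test.c` diff above plus a narrow no-break space case) are assumptions of this example.

```python
import re
import unicodedata

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def is_suspicious(ch):
    """Invisible or blank-looking character other than ASCII space/tab."""
    if ch in (" ", "\t"):
        return False
    # Cc: controls (U+0008), Cf: zero-width/bidi, Zs/Zl/Zp: non-ASCII spaces
    return unicodedata.category(ch) in {"Cc", "Cf", "Zs", "Zl", "Zp"}

def scan_diff(diff_text):
    """Return (path, new_line, column, codepoint, name) per suspicious
    character on an added line of a unified diff."""
    findings, path, old_left, new_left, new_no = [], None, 0, 0, 0
    # split("\n"), not splitlines(): splitlines() also breaks on U+000B,
    # U+000C, U+0085, U+2028 ... and would hide exactly those characters.
    for line in diff_text.split("\n"):
        if old_left <= 0 and new_left <= 0:          # between hunks
            if line.startswith("+++ "):
                path = line[4:].removeprefix("b/")
            elif m := HUNK.match(line):
                # a missing count in the hunk header means 1
                old_left, new_no, new_left = (int(g or 1) for g in m.groups())
            continue
        tag, body = line[:1], line[1:].removesuffix("\r")  # tolerate CRLF
        if tag == "-":
            old_left -= 1
        elif tag == "+":
            for col, ch in enumerate(body, start=1):
                if is_suspicious(ch):
                    findings.append((path, new_no, col, f"U+{ord(ch):04X}",
                                     unicodedata.name(ch, "<control>")))
            new_no, new_left = new_no + 1, new_left - 1
        elif tag != "\\":                             # context line
            old_left, new_left, new_no = old_left - 1, new_left - 1, new_no + 1
    return findings

# Constructed sample modelled on the thread's test.c diff, plus a U+202F case.
SAMPLE_DIFF = (
    "--- a/test.c\n+++ b/test.c\n@@ -1,3 +1,3 @@\n"
    " int main() {\n-    return 0;\n+   \x08return 0;\n }\n"
    "--- a/util.c\n+++ b/util.c\n@@ -4,2 +4,2 @@\n"
    " void f(void) {\n-    g();\n+    g();\u202f\n"
)

if __name__ == "__main__":
    for finding in scan_diff(SAMPLE_DIFF):
        print(*finding)
```

Run over `git diff` output in a pre-merge check, a non-empty result is a reason to stop and look at the raw bytes of the reported line.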



