Linked by Thom Holwerda on Tue 22nd May 2012 23:26 UTC
Internet & Networking "Just over two months ago, Chrome sponsored the Pwnium browser hacking competition. We had two fantastic submissions, and successfully blocked both exploits within 24 hours of their unveiling. Today, we'd like to offer an inside look into the exploit submitted by Pinkie Pie." A work of pure art, this. Also, this is not the same person as the other PinkiePie. Also also, you didn't think I'd let a story with a headline like this go by unnoticed, did you?
Permalink for comment 519113
To read all comments associated with this story, please click here.
RE[6]: Comment by Radio
by kwan_e on Wed 23rd May 2012 11:17 UTC in reply to "RE[5]: Comment by Radio"
kwan_e
Member since:
2007-02-18

YES! Because the LOGIC ERROR is about a MEMORY ACCESS ALGORITHM known to ANY C PROGRAMMER.


Really.

static uint32 ComputeMaxResults(size_t size_of_buffer) { return (size_of_buffer - sizeof(uint32)) / sizeof(T); }

So, say, Delphi, would prevent someone from making a mistake doing a subtraction and then a division, knowing what the calculation would be used for, would it?

size_of_buffer is an integer.
So is sizeof(uint32).
So is sizeof(T).

Are you seriously telling me there are programming languages out there that would actually tell the programmer "hey, did you know size_of_buffer you passed in was smaller than the size of uint32, and I checked every usage of ComputeMaxResults and I've noticed these unsafe uses?"

Reply Parent Score: 4