Linked by Thom Holwerda on Thu 23rd May 2013 23:22 UTC
X11, Window Managers
"Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues."
RE: Overflowing
by Brendan on Fri 24th May 2013 04:25 UTC in reply to "Overflowing"

Hi,

Surely there should be some automated process just to go through and check for this kind of fundamental error.


The problem is that for some languages (C, C++) it's impossible to (e.g.) tell the difference between a potential overflow that can't happen, an intentional potential overflow that is meant to happen, and an erroneous potential overflow.

For a simple example consider this:

int foo(int b, int c) {
    int a = b + c;
    return a;
}

This is a potential overflow, but can it happen (you'd have to analyse all the callers to determine the range/s of values that might be passed), and if it can happen is it intentional?

The other problem is that these languages don't support range limiting. For example, you can't do something like "typedef int range 1 to 12 monthType;". This means that if you solve the first problem you still can't determine when something is out of range.

The end result is that it's impossible for a tool to detect when a programmer has failed to validate data from an external source.

- Brendan

Reply Parent Score: 3
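
An added example, not part of the comment above or of any X.Org code: the explicit checks a C programmer has to write by hand when the values come from an external source, covering both the `b + c` case and the month range. The function names and the header/payload length scenario are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Checked form of foo(): tests the operands before adding, so the signed
 * overflow (undefined behaviour in C) never happens.
 * Returns true and stores b + c in *out, or false if it would overflow. */
bool checked_add(int b, int c, int *out)
{
    if ((c > 0 && b > INT_MAX - c) || (c < 0 && b < INT_MIN - c))
        return false;
    *out = b + c;
    return true;
}

/* C has no "range 1 to 12" type, so the range check is written out. */
bool parse_month(long untrusted, int *month)
{
    if (untrusted < 1 || untrusted > 12)
        return false;
    *month = (int)untrusted;
    return true;
}

/* Hypothetical use: two length fields read from an untrusted reply are
 * summed to size a buffer. Negative lengths and overflow are both rejected. */
bool total_length(int header_len, int payload_len, int *total)
{
    if (header_len < 0 || payload_len < 0)
        return false;
    return checked_add(header_len, payload_len, total);
}

int main(void)
{
    int total = 0, month = 0;

    /* Constructed sample inputs. */
    printf("32 + 4096          -> %s\n",
           total_length(32, 4096, &total) ? "ok" : "rejected");
    printf("INT_MAX + 1        -> %s\n",
           total_length(INT_MAX, 1, &total) ? "ok" : "rejected");
    printf("month 13           -> %s\n",
           parse_month(13, &month) ? "ok" : "rejected");
    return 0;
}
```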