Linked by Thom Holwerda on Thu 23rd May 2013 23:22 UTC
X11, Window Managers

"Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way various X client libraries handle the responses they receive from servers, and has worked with X.Org's security team to analyze, confirm, and fix these issues."
RE: Overflowing
by moondevil on Fri 24th May 2013 05:45 UTC in reply to "Overflowing"

Use a proper systems programming language and make C and C++ join PL/I.

Failing that, only -Wall -Wpedantic -Werror, Lint and code review can help.

Score: 3

RE[2]: Overflowing
by Neolander on Fri 24th May 2013 06:08 in reply to "RE: Overflowing"

Can you think of such a language, whose implementations are fast enough for graphics-intensive work, and which interfaces well with other languages, though?

Without the former requirement, a number of core C/C++ libraries will always be required. Think of OpenGL itself, as an example, and often that alone is not enough.

Without the latter, you can make the most beautiful library in the world, but it will still largely fade into irrelevance, since only users of the programming language you have written it in can use it.

Edited 2013-05-24 06:09 UTC

Score: 2

RE[3]: Overflowing
by moondevil on Fri 24th May 2013 06:33 in reply to "RE[2]: Overflowing"

Ada, Modula-2, Extended Pascal, ....

When I started coding in 1986, C was the language used to code for the UNIX operating system, and that was about it.

As for the C ABI, this is only relevant in the cases where the operating system ABI happens to be C compatible.

In the old days, C ABI was only relevant in the UNIX world.

z/OS, Symbian and the COM changes in Windows are a few examples of non-C-ABI-compatible systems.

Score: 3

RE[3]: Overflowing
by kug1977 on Fri 24th May 2013 06:37 in reply to "RE[2]: Overflowing"

You may have a look at Ada, which checks ranges by definition and is fast enough to work in real-time systems; tasking, packaging and OOP are a native part of the language, and it is designed to work well with other languages like C/C++. There is an interface for OpenGL libraries, all ready to use.

And if you want to check for programming errors that are more complicated to find, like the posted one, you may have a look at SPARK, which is a subset of the Ada language for programming with contracts and automatically proving your code error-free.

Score: 2