Tagged Content List
  • Blog Post: SafeInt Compiles on gcc!

    [update 12-1-08] I now have it completely compiling on gcc, with a test harness that exercises every method of the class for every combination of types (all 15 of them). Version 3.0.12p is now moved to release status. Once I got SafeInt posted on CodePlex, Niels Dekker grabbed a copy and started figuring...
  • Blog Post: Ptrdiff_t is evil

    Well, not really, but here's a code problem that confounded some really smart devs – and it looks so simple! void IncPtr( unsigned int cElements ) { if( m_pMax - m_pCurrent > cElements ) m_pCurrent += cElements; else throw; } OK, so here's the question – if an error has happened...
  • Blog Post: More on Checking Allocations

    Seems my last post met with some objections – somewhat rightfully so, as I mischaracterized one of Tom's points – he never advocated just not checking for allocations, but instead to use an allocator that has a non-returning error handler – though it seems some of his commenters were advocating that...
  • Blog Post: Checking Allocations & Potential for Int Mayhem

    Must be synchronicity. I started out the day with a really interesting mail from Chris Wysopal talking about how allocations can go wrong, fun with signed int math, and the new[] operator. Once I got done responding to Chris, I then noticed Robert Hensing's blog pointing me to Thomas Ptacek's comments...
  • Blog Post: More Checking for Pointer Math

    Someone pointed out that it isn't sufficient to check for whether the pointer math wrapped, but that we also need to check that the resulting pointer is in our buffer. They then came to the possibly erroneous conclusion that really all you had to do was to check whether the resulting index was in range...
  • Blog Post: Evil Compiler Tricks, and Checking for Pointer Math

    My favorite programming geek hobby being integer overflows, this caught my eye – "gcc silently discards some wraparound checks" http://www.kb.cert.org/vuls/id/162289 Basically, what it says is that code which looks like this: ============ snip ============== char *buf; int len; gcc will assume...
  • Blog Post: MulDiv Mayhem

    Here's another episode in my ongoing quest to stamp out integer overflows. MulDiv is a Windows API that was around before we had 64-bit integers as native types. MulDiv is defined like so: int MulDiv(int a, int b, int c) Ironically, the problem it's trying to get around is integer overflows. If...
  • Blog Post: Unsafe String Handling with strncpy

    I recently ran into a piece of code that looked like this: int len = cchIn; strncpy(dest, src, len - 1); This is bad, because strncpy is defined as so: char *strncpy( char * strDest , const char * strSource , size_t count ); The original complaint was that we were passing a signed int...
  • Blog Post: Templatized Min/Max Solved!

    I had some time to think about the overall problem, and had originally thought of a functional approach, like so: template <typename R, typename T, typename U> R Max(T t, U u); This has all the information we need to check for truncation on return, but it requires that the programmer know...
  • Blog Post: Templatized Min/Max is a bad idea!

    Ah, back to nice geeky C++ programming topics, which is much more fun than angry customer topics… Some well-meaning soul wrote this: template<typename T, typename U> T TMax(T t, U u){ return t > u ? t : u; } Let me count the bugs – first of all, it still runs afoul of the normal problem...
  • Blog Post: Safebool

    My last post triggered a couple of responses and a URL I thought would be good to not get lost in the comments. Check out http://www.artima.com/cppsource/safebool.html . As I was saying a couple of posts ago, the right tool is usually situational. In my case, things like SafeInt<int>(2) <<...
  • Blog Post: C++ operator overloading trivia

    Learned something interesting this week that I'll be working into SafeInt 3. It all started out because if you declare a SafeInt class instance, and then try to use it as an array index, the compiler can't figure out which of the several available integer casts to use for the index. According to the...
  • Blog Post: Even More Cool Integer Tricks

    OK, so this is just utterly geeky, and would really only come in handy if you're writing something like SafeInt – How to tell if a numeric template type is a bool at compile time: isBool = ((T)1 == (T)2) if type T is a bool, then this is true, else it's an int. How to tell if a type is an...
  • Blog Post: More Fun with Integers

    Just a quick note this morning to share something I found while finishing up SafeInt 3.0. This is something more helpful with 64-bit porting than with general security, though it does have some security side effects. Warning - heavy C++ programming geek content ahead - If you declare a function like...