Welcome to MSDN Blogs

August 2005 - Posts

It's been a little while since we've had a new bug up. We had some good feedback on the last one. Here is a shorter one: Courtesy of Shanit Gupta, Consultant (Foundstone)

    try {
        ElevatePrivilege();
        ReadSecretFile();
        LowerPrivilege();
    }
    catch(FileException

Read More...
If you haven't taken a look at the solution to the last bug, please do so. There were 4 bugs in that short chunk of code -- all of which are found in Visual Studio 2005! One is issued as a compiler warning and the other 3 are found by PREfast. Here is Read More...
I created this bug a couple of weeks ago for a conference I spoke at to illustrate how so few lines of code could be so buggy. Where's the bug here?

    char dest[50], src[100];
    int x, y;
    if (x=1) {
        strcpy(dest,src);
        dest[50] = '\0';
    }
    return y;

Solution: Read More...
I think the last bug stumped a few people. Can you find the security vulnerability in this one? Courtesy of Neelay Shah, Consultant, Foundstone

    #define STD_HASH_LEN 11
    #define MAX_HASH_LEN 31
    char * strPassHash = (char*)malloc(sizeof(char)*STD_HASH_LEN);

Read More...
 