10 comments

[ 3.0 ms ] story [ 36.3 ms ] thread
This is a fantastic reverse-engineering writeup. It's always fun to see this kind of thing on HN.
I'm curious whether any of the standard source code analysis tools would have caught this.
I doubt it, as the buggy code wasn't nonsense in the usual sense.
But it was suspicious. Seeing

  1 * sizeof(int)
directly in the code, not in a macro expansion, in my book is somewhat suspicious (people could do that for symmetry in a series of similar lines of code), but

  whatever_count + x * sizeof(int)
could easily trigger a heuristic "thou shalt not add a count and a size"

The code does not even need to be smart enough to determine that "whatever_count" is used as a count; if it actually is a size, it is worth warning about, too, so a somewhat vague warning would, in my book, be fine.

That makes sense. If it's not there, it's probably something that should be added.
Me to. The compiler would need to output at any optimization passes which handle multiplication factorization, which could be quite lengthy!
Off-topic, but "put.as" to a Portuguese is like "hooke.rs" to an American/British. A great domain name for an "escort" service or porn site, I'll give you that :)
It's the same in Spanish, and it caught my eye as well.