Yesterday's thread with exploit code, enables any website to perform arbitrary code execution. Apple needs to fix this in iOS7, not force users to upgrade to iOS8 while it is still buggy.
Always check your arithmetic, always check your arithmetic, always check your arithmetic...
No, let's just keep repeating old classic bugs.
OpenBSD's reallocarray(3) is a step in the right direction, but I've always been concerned about the focus on multiplication; needing to allocate x*y+z bytes is a rather common pattern. I suspect there's still plenty of additive arithmetic that goes unchecked.
5 comments
[ 2.8 ms ] story [ 23.4 ms ] threadThat's what our lead C dev says. And I agree, as a C programmer.
https://news.ycombinator.com/item?id=8348843
No, let's just keep repeating old classic bugs.
OpenBSD's reallocarray(3) is a step in the right direction, but I've always been concerned about the focus on multiplication; needing to allocate x*y+z bytes is a rather common pattern. I suspect there's still plenty of additive arithmetic that goes unchecked.
https://github.com/feliam/CVE-2014-4377
http://blog.binamuse.com/2014/09/coregraphics-memory-corrupt...