On Wednesday 07 June 2006 06:48 pm, Gabriel Sechan wrote:
> From: Tracy R Reed <[EMAIL PROTECTED]>
>
> >Does qmail or any other "bug free codes" written by arrogant programmers
> >implement a binary search or merge sort? Any programs somehow use a sort
> > in some way that might affect security? I wonder if any fun can be had
> > with this... Of course you need to introduce a billion elements to be
> > sorted so it might be a bit hard to exploit but you never know!
> >
> >http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html
>
> He's wrong about the results of the bug - he says in C it overflows by
> going to an invalid index via underflow.  In C, you'd use an unsigned int
> (does Java have this?) thus wouldn't go to a negative index (although it is
> still a bug, it won't crash the app.  It may infinite loop).  If a variable
> is supposed to be a loop index, it should always be unsigned in any
> language.
>
> Gabe

Why? 

#include <stdio.h>

int main(int argc, char** argv) {
        int i; 
        for(i=-10; i<10;i++) {
                printf("%d\n", i);
        }
        return(0); 
}

BobLQ


                                

-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-lpsg
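
An added example, not part of the original thread: the midpoint bug from the linked article, comparing a signed 32-bit index, an unsigned 32-bit index, and the overflow-safe form. The 32-bit widths, the function names and the virtual array with a[i] == i are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum mid_mode { MID_SIGNED32, MID_UNSIGNED32, MID_SAFE };
enum outcome  { FOUND, NOT_FOUND, BAD_INDEX, NO_PROGRESS };

/* Midpoint as each variant computes it, modelled in 64-bit arithmetic so the
 * demo itself has no undefined behaviour. Signed overflow is undefined in C;
 * two's-complement wraparound is assumed here as the usual outcome. */
static int64_t midpoint(int64_t low, int64_t high, enum mid_mode m)
{
    int64_t sum = low + high;
    switch (m) {
    case MID_SIGNED32:                   /* int mid = (low + high) / 2; */
        if (sum > INT32_MAX) sum -= (int64_t)1 << 32;
        return sum / 2;                  /* negative once the sum wraps */
    case MID_UNSIGNED32:                 /* unsigned mid = (low + high) / 2; */
        return (sum & 0xFFFFFFFFLL) / 2; /* wraps modulo 2^32, never negative */
    default:                             /* mid = low + (high - low) / 2; */
        return low + (high - low) / 2;
    }
}

/* Binary search over a virtual sorted array with a[i] == i (constructed
 * input), so billions of elements need no memory. */
enum outcome search(int64_t n, int64_t key, enum mid_mode m)
{
    int64_t low = 0, high = n - 1;
    for (int steps = 0; low <= high; steps++) {
        if (steps > 64) return NO_PROGRESS;        /* correct search: <= 33 */
        int64_t mid = midpoint(low, high, m);
        if (mid < 0 || mid >= n) return BAD_INDEX; /* a[mid] out of bounds */
        if (mid < key) low = mid + 1;
        else if (mid > key) high = mid - 1;
        else return FOUND;
    }
    return NOT_FOUND;
}

int main(void)
{
    static const char *name[] = { "found", "not found", "bad index", "no progress" };
    printf("signed,   n=2^31-1: %s\n", name[search(INT32_MAX, 2000000000, MID_SIGNED32)]);
    printf("unsigned, n=2^31-1: %s\n", name[search(INT32_MAX, 2000000000, MID_UNSIGNED32)]);
    printf("unsigned, n=3e9:    %s\n", name[search(3000000000LL, 2900000000LL, MID_UNSIGNED32)]);
    printf("safe,     n=3e9:    %s\n", name[search(3000000000LL, 2900000000LL, MID_SAFE)]);
    return 0;
}
```

In this model the unsigned index only misbehaves once the array exceeds 2^31 elements, where the wrapped midpoint falls below `low` and the search stops making progress; `low + (high - low) / 2` avoids the wrap for either signedness.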
