Secure Coding mailing list archives
Re: C: initializing automatics
From: Andreas Saurwein <saurwein () uniwares com>
Date: Fri, 05 Dec 2003 02:48:17 +0000
At 3/12/2003 20:32 Wednesday, you wrote:

>> Given your example I can see a typical severe flaw: parameters. The function accepts all parameters without validating their value. This is the same error which leads to buffer overflows. While it may not be critical with double values for a math function (besides a possible /0 error), it is critical for any application which deals with values which may be out of range. Never trust that only and always valid parameters are passed.
>
> 2 things. This function is in a library. One of the applications that uses this library will potentially call this function 500 x 80 x 1,000,000 times (a credit risk monte carlo simulation). This function needs to be as fast as possible.
>
> 2) If you pass bad values in, the *WORST* that can happen is that you get a NAN return value. In our application, this can be a *VALID* result - ie, we expect that the function may return NAN and treat it appropriately.

As I said, this may not be important for this very special function, although the function seems to have not even debug checks/assertions.

Your mentioning of calling that function zillions of times is not a valid point. Many operating system functions are called equally often, but you would not want them to accept any input. It depends for every function in which context it may be called, from where the parameters may come, and what consequences wrong parameters may have inside the function and outside it.

The point which is important for this class of errors is that the programmer is aware of it. Even more so when the function is to be used in a library and the programmer can not predict the calling function nor the parameters.

Programming with security in mind is a habit, not a blessing or a necessity.

Andreas
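An added example, not code from this thread or from either poster, to show what the "debug checks/assertions" plus a cheap release-build range check look like next to a function that validates nothing. The function (relative price change, `(p_new - p_old) / p_old`) and the names `pct_change_unchecked` / `pct_change_checked` are constructed stand-ins for the unnamed library function under discussion. It also shows why "the worst case is a NaN" does not hold in general: an unchecked division by zero yields infinity, not NaN, so a caller that treats NaN as its only invalid-input signal would miss it.

```c
#include <assert.h>
#include <math.h>    /* NAN, isnan, isinf, isfinite: macros, no libm link needed */
#include <stdio.h>

/* Constructed stand-in for the unnamed library function in the thread:
 * relative change from p_old to p_new. Not code from the original post. */

/* Version 1: no parameter validation at all. p_old == 0 does not give NaN,
 * it gives +/-inf (NaN only when p_new is 0 as well), so the caller cannot
 * tell "bad input" from a genuine extreme result. */
double pct_change_unchecked(double p_old, double p_new)
{
    return (p_new - p_old) / p_old;
}

/* Version 2: debug assertion plus a range check that stays in release builds.
 * The two compares cost a few cycles per call, which is negligible next to
 * the division, and the invalid-input result is now defined: always NaN,
 * never inf, regardless of which argument was wrong. */
double pct_change_checked(double p_old, double p_new)
{
    /* Debug-only: abort on misuse during development; removed by -DNDEBUG. */
    assert(isfinite(p_old) && isfinite(p_new));

    /* Kept in release builds. Writing "!(x > 0.0)" instead of "x <= 0.0"
     * also rejects NaN, because every comparison involving NaN is false. */
    if (!(p_old > 0.0) || !(p_new >= 0.0))
        return NAN;

    return (p_new - p_old) / p_old;
}

int main(void)
{
    /* Constructed inputs: one valid call and two invalid ones. */
    printf("valid      unchecked=%g checked=%g\n",
           pct_change_unchecked(100.0, 110.0), pct_change_checked(100.0, 110.0));
    printf("p_old == 0 unchecked=%g checked=%g\n",
           pct_change_unchecked(0.0, 1.0), pct_change_checked(0.0, 1.0));
    printf("p_old < 0  unchecked=%g checked=%g\n",
           pct_change_unchecked(-5.0, 1.0), pct_change_checked(-5.0, 1.0));
    return 0;
}
```

Compile with `-DNDEBUG` for the release build to confirm that only the assert disappears; the range check and the defined NaN result remain.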
Current thread:
- Re: C: initializing automatics Brett Hutley (Dec 03)
- <Possible follow-ups>
- Re: C: initializing automatics Andreas Saurwein (Dec 04)