Secure Coding mailing list archives

Re: opinion, ACM Queue: Buffer Overrun Madness


From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Wed, 09 Jun 2004 22:36:19 +0100

> Sure, it doesn't overflow into the stack, but it overflows into
> important data.  And if you want to go further into insanity, you can
> manufacture a case where character 11 being lower case causes
> unwanted code to be executed (no default condition in a 'case'
> statement, no good error handling, etc).

This is not as far-fetched as you make it sound.  I actually ran into
something not too dissimilar in the wild.

Back in the late '80s, I had the dubious pleasure of tracking down the
bug responsible for a mail UA breaking overnight, on a machine that was
completely untouched - nothing at all had run, not even (the local
equivalent of) cron jobs.

It turned out to break as soon as the day number had two digits in a
month whose full name was only three characters long.  It broke
overnight between May 9 and May 10.

Y'see, what happened was, one piece of code formatted the date in the
form "Fullmonthname DD" - two-digit day, with a leading space for days
1 through 9, and the month name in full.  Then another piece of code
converted this to the short form by skipping three characters in,
dropping a terminator, looking for the next space, and picking up the
day number from there.  Most months, this worked fine.  May 1 through
9, it worked, because the leading space on the day number stopped the
scan.  But May 10, the 10 was mistaken for the rest of the month name,
the parser got confused, and things went downhill from there.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
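Added example, not code from the post or its author: the two pieces of code as the post describes them, reconstructed in C, with the consumer that loses the day on "May 10" next to a hardened one that splits on the separator and validates the day. The function names, the 64-byte scratch buffer and the 1..31 range check are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Producer: "Fullmonthname DD", two-digit day, leading space for days 1..9. */
static void format_long(char *out, size_t n, const char *month, int day) {
    snprintf(out, n, "%s %2d", month, day);
}

/* Consumer as described in the post: skip three characters, drop a terminator
 * there, scan for the next space, read the day after it.  1 = ok, 0 = lost. */
static int to_short_buggy(const char *in, char month3[4], int *day) {
    char buf[64];
    if (strlen(in) < 5 || strlen(in) >= sizeof buf) return 0;
    strcpy(buf, in);
    buf[3] = '\0';                         /* "May 10": this eats the separator */
    memcpy(month3, buf, 4);
    const char *p = strchr(buf + 4, ' ');  /* so "10" looks like more month name */
    if (p == NULL) return 0;
    *day = atoi(p + 1);
    return 1;
}

/* Hardened consumer: split on the separator, not a fixed offset, and validate
 * the day instead of trusting whatever follows the next space. */
static int to_short_safe(const char *in, char month3[4], int *day) {
    const char *sep = strchr(in, ' ');
    if (sep == NULL || sep - in < 3) return 0;  /* need three month letters */
    memcpy(month3, in, 3);
    month3[3] = '\0';
    char *end;
    long d = strtol(sep, &end, 10);        /* strtol skips the leading blank */
    if (end == sep || *end != '\0' || d < 1 || d > 31) return 0;
    *day = (int)d;
    return 1;
}

/* Round trip through the producer and a chosen consumer; 1 if the day survives. */
static int roundtrip(int (*conv)(const char *, char *, int *),
                     const char *month, int day, int *got) {
    char line[32], m3[4];
    format_long(line, sizeof line, month, day);
    return conv(line, m3, got);
}

int main(void) {
    int d;
    printf("buggy May 10: %d\n", roundtrip(to_short_buggy, "May", 10, &d));  /* 0 */
    printf("safe  May 10: %d\n", roundtrip(to_short_safe, "May", 10, &d));   /* 1 */
    return 0;
}
```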