From: steve.wray at paradise.net.nz (Steve Wray)
Subject: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> gabriel rosenkoetter
[snip]
>
>Oh, give me a break. Some developer went, "Oh, hey, I'm not bounds
>checking there. Okay, fix that," and the changes filtered out into
>the release of IE.

I'm curious.
As a non-C programmer, is there ever a reason to *not* do bounds checking?

(I mean outside of intensely performance critical applications like
realtime control systems (which would probably be better in assembly
anyway). I don't count an OS or a web browser as 'intensely performance
critical'; they are, rather, 'intensely security and stability critical').

Thanks!