lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <f3ddb5d04092512416a632e11@mail.gmail.com>
From: gimmespam at gmail.com (Troy)
Subject: Windoze almost managed to 200x repeat 9/11

On Sat, 25 Sep 2004 10:35:34 -0400, joe <mvp@...ware.net> wrote:

> Even if there was poor function documentation, if you have a function, any
> function returning a constantly increasing counter you know, as a skilled
> programmer, that eventually it has to do something other than increase.

In this case, the function is very well documented.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/gettickcount.asp

>From the documentation, "The elapsed time is stored as a DWORD value.
Therefore, the time will wrap around to zero if the system is run
continuously for 49.7 days.

"If you need a higher resolution timer, use a multimedia timer or a
high-resolution timer."

Even without that documentation, common sense would tell you that it
will only count for up to 49.7 days. The function returns a DWORD. The
largest number that can be held by a DWORD is FFFF FFFF or
4,294,967,295 decimal. Since you know those are milliseconds, divide
by 1000 to get seconds, then by 60 for minutes, 60 again for hours,
and 24 for days and you get just over 49.7 days (or just go to
http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=4294967295+milliseconds+in+days).

You can't blame the OS. The developers of the application used an
obsolete API call that was probably only left in for older
applications. Sure, there have been times when Microsoft programmers
have screwed up, but this is not one of them. Microsoft clearly
documented it as a DWORD with a finite value.

I think the worst thing about this is that the FAA and the developers
of the app knew about the problem for quite some time, knew what the
problem was, and, rather than fix the code, they just rebooted the
system to work around it and ignored the main problem.

--
Troy

Powered by blists - more mailing lists