
Memory safety in memory-unsafe languages. We've had Valgrind and ASan for a while, and people still find crippling bugs in C and C++ code all the time.

XSS vulnerabilities. Maybe Content Security Policy will help some here when it becomes ubiquitously available.

Integer overflow. This is a particularly insidious problem because your well-formed test cases often won't catch it.




Here's a gem from an attempt to fix an integer overflow vulnerability in the PHP compiler:

if (size > INT_MAX) return NULL;

http://use.perl.org/use.perl.org/_Aristotle/journal/33448.ht...
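Why a check like the one quoted above cannot catch anything if `size` is a signed `int` (an assumption; the comment does not give its type), shown next to a check made before the multiplication. This is an added example, not part of the thread or of PHP's code; the function names and the count/element-size framing are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The thread's check, with `size` assumed to be a signed int (assumption).
   An int can never exceed INT_MAX, so this branch is dead code. */
int late_check_rejects(int size) {
    if (size > INT_MAX) return 1;
    return 0;
}

/* What a 32-bit size computation holds after wrapping. Computed in wider
   unsigned arithmetic, truncated, then mapped to the two's-complement int. */
int wrapped_size_32(uint32_t count, uint32_t elem) {
    uint32_t w = (uint32_t)((uint64_t)count * elem);
    return (w <= (uint32_t)INT_MAX) ? (int)w : -(int)(UINT32_MAX - w) - 1;
}

/* Hardened form: reject before multiplying, so no wrap ever happens.
   Returns 0 and stores the byte count, or -1 if it would exceed INT_MAX. */
int checked_alloc_size(size_t count, size_t elem, size_t *out) {
    if (elem != 0 && count > (size_t)INT_MAX / elem) return -1;
    *out = count * elem;
    return 0;
}

int main(void) {
    /* Constructed input: 0x40000001 elements of 4 bytes = 0x100000004 bytes. */
    int size = wrapped_size_32(0x40000001u, 4u);
    size_t bytes = 0;
    printf("wrapped size = %d, late check rejects = %d\n",
           size, late_check_rejects(size));
    printf("pre-check on same input = %d\n",
           checked_alloc_size(0x40000001u, 4, &bytes));
    /* A well-formed test case passes both checks and shows no difference. */
    printf("16 * 4 -> %d (%zu bytes)\n",
           checked_alloc_size(16, 4, &bytes), bytes);
    return 0;
}
```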



