× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2007

RE: How Secure is Windows, Really?

From: Walden H. Leverich


...are "buffer overruns", which are perhaps the
laziest programming mistake any programmer can make...


While perhaps a lazy mistake, they happen all the time, even on iSeries.
There have been several cases on this list alone where people have said
they have programA calling programB and they're passing field1 as a
parm, however when they return from the call field2 is changed, and it's
not a parm! It's always tracked down to an issue of programA defining
field1 as a 30-char field, but programB defining field1 as a 40-char
field. That, is a buffer overrun.

NB: I am _not_ saying that the result can be the same as on Windows.
Yes, the clear delineation of code and data on iSeries prevents a
data-change to a code page, but the lazy mistake happens all over the
place, and in many cases is really hard to prevent.


I'm going to have to start calling BULL, Walden.

This is actually not a buffer overrun.  This is field definition mismatch,
and while it has the same effect, it is the sort of thing that is almost
always found and fixed quickly, because the compiler typically does the copy
and the program fails pretty much the first time you use it.

A buffer overrun is more specifically a case of a program copying data past
the end of a buffer.  The better example in the i5/OS world is pointing an
API to a field and telling the API that the field is longer than it actually
is.  This is a bad thing, but it's the type of programming mistake that you
make once or twice when you're learning and then you stop making it.

But even those sorts of mistakes are forgivable; you transpose a couple of
digits and blammo you program fails.  Again, this typically happens the
first time you run the program.

The buffer overrun in Windows is a little different.  It is almost always a
concept of sending a stream file that is longer than the programmer expected
and the programmer being either too lazy or too inexperienced to check for
this condition.  You avoid this by putting a simple check in your index
increment to see if you're past the end of the buffer; leaving out that
check is criminally negligent.  It's this sort of witless, stupid
programming endemic to Microsoft that has lowered the overall quality of the
world's software and in turn reduced the productivity of corporations
globally.

And no, I'm not kidding.  Software as poor as Microsoft's (memory leaks,
bugs in the UI, lockups, and so on) would have gotten someone fired had they
written it in my department in the 80s.

Joe

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.