Integer overflow in the new[] operator

Integer overflows are becoming a new security attack vector. Mike Howard’s article discusses some of the ways you can protect yourself against integer overflow attacks. One attack vector he neglects to mention is integer overflow in the new[] operator. This operator performs an implicit multiplication that is unchecked: int *allocate_integers(int howmany) { return new int[howmany];…


Ikea walk-through

Jeff Davis tipped me off to this Ikea walk-through. Frustratingly, the walkthrough doesn’t include any cheat codes. Even though Ikea was founded by a Swede, its company colors match the Swedish national colors, all its product names are Swedish, and it is clearly associated with Sweden in the minds of everyone, it is in fact…


Another reason not to do anything scary in your DllMain: Inadvertent deadlock

Your DllMain function runs inside the loader lock, one of the few times the OS lets you run code while one of its internal locks is held. This means that you must be extra careful not to violate a lock hierarchy in your DllMain; otherwise, you are asking for a deadlock. (You do have a…


Passenger announcements in the airport

While in Seattle-Tacoma International Airport yesterday, waiting for my flight to eventually be cancelled due to weather, then waiting for a replacement itinerary (um, the weather is the same at the destination; doesn’t matter which plane you take), then waiting for the replacement to be cancelled also (wow imagine that), I heard an announcement on…


Some reasons not to do anything scary in your DllMain

As everybody knows by now, you’re not supposed to do anything even remotely interesting in your DllMain function. Oleg Lvovitch has written two very good articles about this, one about how things work, and one about what goes wrong when they don’t work. Here’s another reason not to do anything remotely interesting in your DllMain:…


Undermining your own proclamation

I’m pulling for the Mars rovers as much as the next geek, but you still have to scratch your head at the following statement: Charles Elachi, the JPL director, said: “I am completely confident, without any hesitation, that I think we will get that rover back to full operation.” So he’s absolutely sure that he…


Blog going on autopilot for a while

I will be out of town for a few weeks, so I have set my blog on autopilot. There will still be an article every weekday at 7am Pacific time (assuming the autopilot machine doesn’t suffer a power outage or something), but I won’t be around (much) to respond to comments.


The hollow brush

What is the hollow brush for? The hollow brush is a brush that doesn’t do anything. You can use it when you’re forced to use a brush but you don’t want to. As one example, you can use it as your class brush. Then when your program stops responding and Windows decides to do the…


David Hasselhoff’s daughters normal in every way

(Forwarded to me by a friend who is apparently fascinated with David Hasselhoff.) David Hasselhoff says his daughters hate his music and change the channel whenever Knight Rider comes on the TV. Okay, I defended the Germans last week, but this one baffles even me. Do the Germans not realize that David Hasselhoff is a…


German as RPN

It should be noted that “Reverse Polish Notation” is named in honor of the Polish logician Jan Lukasiewicz, who developed prefix notation, wherein the operator comes before the operands. Postfix notation proved more useful for stack-based arithmetic computations, and so the opposite of prefix notation came to be known as “Reverse Polish Notation”. It was…