Struct packing, source listings and the Zen of preprocessed code.

It seems that no matter how good people (definitely including me) are at writing buggy code, they are much less adept at creating good reproduction cases or using their existing tools to figure out what’s going on. A recent issue I saw involved a piece of C++ code where a struct was being…


SOLUTION : Spotting Code Defects #3 (C++ 101)

As always, thanks to those that emailed responses. Please feel free to post them in the feedback area too! The biggest problem with this piece of code is that the stream is not being checked for errors after reading. Look at this block: int age; cin >> age; people[name] = age; What…


Spotting Code Defects #3 (C++ 101)

This is an easy one – something for the C++ 101 kids :) When first learning C++ there are some fairly canonical samples people go through. Hello World, a simple address book, a simple game of adventure, etc. The name/age lookup sample is another one I see a lot. It’s a great way…


SOLUTION: Spotting Code Defects #2 (Accessing Registry Values)

This defect seems to have led a few more people astray than the last. While no one posted publicly, several people emailed me solutions. Thanks to all who contributed! So let’s start with the hints: Hint #1: It is not only important to test return values, but also to make sure you understand…


HINT: Spotting Code Defects #2 (Accessing Registry Values)

There are a few defects here … ranging from a design issue to a potential buffer overrun that could cause your system to be compromised and allow the attacker to execute arbitrary code on your machine. Hint #1: It is not only important to test return values, but also to make sure you understand…


Spotting Code Defects #2 (Accessing Registry Values)

Since there was positive feedback on the last one – here is another.  I will post hints and the solution next week.  There are multiple defects in this code. I added the _tmain to give some context on how the function getVersionString might be called.  The defects I’m interested in are in the function getVersionString….


SOLUTION: Spotting Code Defects – #1 (Named Pipe Server)

So the results are back – and that was some buggy code!   First I want to thank everyone who played along.  Both those that had the courage to post to the public comments and those that replied offline.   Also – before I go further – is this something people would like to see…


Spotting Code Defects – #1 (Named Pipe Server)

When you read bad code you learn what not to do.  You learn to identify the many classes of errors and the patterns that often lead up to them.   When you read good code you learn how to write good code.  You observe “tricks” of good programmers (the best tricks aren’t tricks at all),…