@staatsgeheim @canadianbryan No, this is a bug, and a security bug at that.
@staatsgeheim @canadianbryan
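#include <stdio.h>   /* snprintf, sprintf (headers left out of the tweet for length) */
#include <stdlib.h>  /* rand, srand */

int main()
{
    /* Size the buffer from the first rand() value of the default seed (1). */
    char buf[snprintf(0,0,"%d",rand())+1];
    srand(1);
    /* Fits only if rand() repeats that value after srand(1). */
    sprintf(buf,"%d",rand());
}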
@staatsgeheim @canadianbryan This is a strictly conforming C program (mod #include not fitting in tweet) that breaks dangerously on OpenBSD.
@staatsgeheim @canadianbryan Similar examples can be made with real-world simulations done in two passes, but don't fit in 140 chars.
@staatsgeheim @canadianbryan In particular 2-pass encoding with mplayer is broken with -vf noise; each pass sees different frames.
Tweet unavailable
@staatsgeheim @canadianbryan They broke valid correct programs for a false sense of fixing hopelessly broken ones.
Tweet unavailable
@staatsgeheim @canadianbryan No, they weren't. rand() is for REPRODUCIBLE, DETERMINISTIC prng use. Anything using it for entropy is broken.
@staatsgeheim @canadianbryan Things like random image generators where you want to reproduce the same image with the same seed.
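
Added example (not part of the thread, and not the tweet author's code): a bounded variant of the two-pass program above that checks the second pass against the buffer sized in the first, plus a check of whether `rand()` replays its sequence after `srand()`. The helper names `rand_is_reproducible`, `decimal_size` and `format_checked` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Helper names below are hypothetical, chosen for this example. */

/* 1 if srand(seed) replays the same rand() sequence, as ISO C requires. */
int rand_is_reproducible(unsigned seed)
{
    int first[8];
    srand(seed);
    for (int i = 0; i < 8; i++) first[i] = rand();
    srand(seed);
    for (int i = 0; i < 8; i++)
        if (rand() != first[i]) return 0;
    return 1;
}

/* Pass 1: bytes needed to print value as "%d", including the NUL. */
size_t decimal_size(int value)
{
    return (size_t)snprintf(NULL, 0, "%d", value) + 1;
}

/* Pass 2: bounded write; -1 if value needs more than size bytes. */
int format_checked(char *buf, size_t size, int value)
{
    int n = snprintf(buf, size, "%d", value);
    return (n >= 0 && (size_t)n < size) ? 0 : -1;
}

int main(void)
{
    char buf[decimal_size(rand())];   /* same sizing pass as the thread's program */
    srand(1);
    if (format_checked(buf, sizeof buf, rand()) != 0) {
        fputs("second pass saw a different value; output truncated\n", stderr);
        return 1;
    }
    printf("%s (rand reproducible: %d)\n", buf, rand_is_reproducible(1));
    return 0;
}
```

On a platform where the second `rand()` value is longer than the first, this version reports the mismatch instead of writing past `buf`.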