@awruef @0xabad1dea @johnregehr code using "strcpy()" is broken regardless if there are any bugs related to 'strcpy()'
@ErrataRob @awruef @0xabad1dea @johnregehr I think you could make it clearer that you are pointing out code smells and not security props.
@ErrataRob @awruef @0xabad1dea @johnregehr Plus none of our in-house tools would choke on that code since we mostly use IR.
@dguido @awruef @0xabad1dea @johnregehr High level static analysis should barf on assignment in expressions
@dguido @awruef @0xabad1dea @johnregehr Low-level static analysis should barf on banned functions like strcpy()
@ErrataRob @dguido @awruef @johnregehr ohhhhhh I think you are using that verb differently than we would
@0xabad1dea @dguido @awruef @johnregehr Barf as spew lots of warning messages
@ErrataRob @0xabad1dea @dguido @awruef @johnregehr yeah, I'm with "barf" being "stop working"... disregard what I said then! :D
@lojikil @0xabad1dea @dguido @awruef @johnregehr sorry, I know what barf means to other people, I shoulda said spew
@ErrataRob @0xabad1dea @dguido @awruef @johnregehr no worries! I'm onboard with that tho, should be tons of (syntax-level) warnings/errors.