Differences

This shows you the differences between two versions of the page.

--- secure_programming [2012/09/30 22:05] – created javapimp
+++ secure_programming [2023/08/18 18:15] (current) – external edit 127.0.0.1
@@ Line 10: / Line 10: @@
     * Once the error condition is handled, the developer must "ramp up" again on where he left off on the "good" path.
     * It becomes very tempting to put off error handling to later, at which point it is easily neglected.
+If you are going to put off error handling, don't just put in a "TODO" comment and expect to come back to it. Instead, do something that will force you to fix it.
+<code cpp>
+#define FAIL()  \
+   do {         \
+      fprintf(stderr, "abort! file: %s, line %d\n", __FILE__, __LINE__); \
+      abort(0); \
+   } while(0)
+</code>
+Then stub out your error checking:
+<code cpp>
+if(foo() == ERROR)
+{
+   FAIL(); // force immediate abort if this is never fixed.
+}
+</code>
+===== Function returns the same value for success or failure =====
 ====== Buffer Overflows ======
@@ Line 15: / Line 34: @@
 ====== Memory Leaks ======
+====== Memory Allocation ======
+<code cpp>
+#ifdef CHECK_ALLOC
+#define MALLOC bad_malloc
+#else
+#define MALLOC malloc
+#endif
+#define FAIL_COUNT = 3;
+void* bad_malloc(size_t size)
+{
+   static int fail = FAIL_COUNT;
+   void* ret = NULL;
+   if(--fail)
+      ret = malloc(size);
+   else
+      fail = FAIL_COUNT;
+   return ret;
+}
+</code>
 ====== Heap Corruption ======
+===== Electric Fence =====
+<code bash>
+$ gcc -o foo foo.c -lefence
+</code>
 ====== Race Conditions ======
+====== Code Coverage ======
+<code bash>
+$ gcc -ftest-coverage -fprofile-arcs foo.c
+$ gcov foo.c
+</code>
+====== Automated Tools ======
+<code bash>
+$ splint -I/inc *.c
+</code>