Member Since 18 Aug 2002
Offline Last Active Yesterday, 01:31 PM

Posts I've Made

In Topic: Tiny Serialization Library

18 June 2015 - 12:35 PM

Most of the low level I/O, if it fails, returns uninitialized data at best (which makes debugging nice and nondeterministic.)

There's no sane bounds checking - it appears trivial to create a tiny file which will eat all your memory when using read_string.

If you're lucky, it will throw std::bad_alloc or dereference null (depending on if exceptions are available or not).  If you're unlucky you'll exhaust all available memory and have OOM crashes later elsewhere.


I wouldn't consider this usable even in a non-hostile environment currently - savegame corruption happens, I don't want it crashing my titles on startup.


In a hostile environment, your attacker will use l=0xFFFFFFFF, the call to new char[0xFFFFFFFF+1] will succeed - it's the same as new char[0] which returns a unique non-null pointer.  The resulting read() call *without* the +1 will then be the start of the buffer overflow, likely probed for possible use in code injection attacks...


Throw SDL MiniFuzz or other fuzzing tools at this if you want to harden it up...
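An added example (not part of the original post, and not the library's code) of a length-prefixed string reader hardened against the failures described above: it caps the length before allocating, sizes the buffer without the `l + 1` wrap, and reports short reads instead of returning uninitialized data. The wire format, `kMaxStringLen`, `read_string_checked`, `unchecked_alloc_size` and `parse` are assumptions made for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <istream>
#include <sstream>
#include <string>

// Assumed wire format (not the library's): 32-bit little-endian length, then bytes.
constexpr std::uint32_t kMaxStringLen = 1u << 20;  // hypothetical 1 MiB cap

// What an unchecked reader would ask new[] for: l + 1 in 32-bit arithmetic.
std::uint32_t unchecked_alloc_size(std::uint32_t l) { return l + 1u; }

// Returns false on a truncated stream or an oversized length. `out` is only
// touched on success, so a failed read never hands back uninitialized data.
bool read_string_checked(std::istream& in, std::string& out) {
    unsigned char h[4];
    if (!in.read(reinterpret_cast<char*>(h), 4)) return false;  // short header
    const std::uint32_t l = std::uint32_t(h[0]) | std::uint32_t(h[1]) << 8 |
                            std::uint32_t(h[2]) << 16 | std::uint32_t(h[3]) << 24;
    if (l > kMaxStringLen) return false;  // rejected before any allocation
    std::string buf(l, '\0');             // size is l itself, no +1 to wrap
    if (l != 0 && !in.read(&buf[0], l)) return false;  // short payload
    out.swap(buf);
    return true;
}

// Helper for the constructed sample inputs below.
bool parse(const std::string& bytes, std::string& out) {
    std::istringstream in(bytes);
    return read_string_checked(in, out);
}

int main() {
    std::string s;
    const std::string ok("\x03\x00\x00\x00" "abc", 7);   // constructed: valid
    const std::string huge("\xff\xff\xff\xff", 4);       // constructed: l = 0xFFFFFFFF
    const std::string cut("\x05\x00\x00\x00" "ab", 6);   // constructed: truncated
    std::printf("l+1 wraps to %u\n", unchecked_alloc_size(0xFFFFFFFFu));
    std::printf("ok=%d huge=%d cut=%d\n", parse(ok, s), parse(huge, s), parse(cut, s));
    return 0;
}
```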

In Topic: Floating Point Constants

02 August 2012 - 03:46 AM

Well then it seems highly unlikely you need to worry about loss of precision when converting from float to double, unless your simple arithmetic involves numbers like 23423.4234234098029384233409583405

Of course, do note that simple decimal expressions like "0.3" have an infinite number of digits in binary fraction form and will suffer additional rounding if coerced to float.

In Topic: Software for at-a-glance overview / organizing of 9001 Projects?

21 June 2012 - 01:41 AM

Nothing out there quite like I want. Rolling my own pile of hacks: http://i.imgur.com/ET1Me.png
Needs more icons, better sorting metric, more accurate metrics in general, better handling of branches.

In Topic: Software for at-a-glance overview / organizing of 9001 Projects?

16 June 2012 - 04:06 AM

Zol on #gamedev suggests some sort of lightweight sourceforgelet stack that you run locally to quickly share local projects (or their information) with others.

In Topic: Sadistic library authors (my rant about Xerces for C++)

31 March 2012 - 01:48 PM

I'd like to remind all of you that we are talking about XML, Xerces, and libraries. Not languages. If this becomes a language thread, I will end it.

Not to question your ultimate authority, but if it happens with the consent of the OP, and with good manners, what's the problem exactly?

A long, sordid history of language flamefests degenerating into complete and utter shite on this forum, as they attract out every lurker who doesn't know what they're talking about but has strong (and wrong) "opinions" and "facts" about programming languages. This derails and prematurely ends thread after thread in the process, either because the concentrated stupid drives away the rest of the participants, or baits them into participating, or gets bad enough that a moderator has to close it.

Premature thread death is seen as bad for some reason, so effort is taken to avoid it.

My point is merely that the typical usability of a library is strongly intertwined with the characteristics of the language it is written in; and that C++ scores low on this metric, in my opinion. Not that crazy a tangent, is it?

Wack's bringing up lists of C#, Java, and C++ "pros/cons". Without reading too closely (as like many members, I've taken to skimming past this stuff when it comes up as it comes up so often) that certainly smells like it's getting/heading toward the rather tangential. And -- let's assume I'm full of shit and it's completely on topic (since I am skimming after all) -- it's still exactly the kind of thing that will attract the wrong sort of people and conversation.

So what can be done? Well, if you're Promit, you can tell the wrong sort to fuck off before they even start, and remind the right sort not to fall into the trap again.

And now you know ™