Posts Tagged ‘Languages’

“De-Bugging” Code before Check-in

Wednesday, June 10th, 2009

Even an expert programmer cannot claim to write bug-free code. Bugs are here to stay throughout the software development life cycle. What every programmer needs to do, though, is test his code before it goes into the main repository. Programmers have different techniques for this: running test cases, getting code reviewed, code walkthroughs, manual tests and ad-hoc tests are all things people perform, and Bang!!! the code goes into the repository. Let’s consider the following pseudo-code:

char* someString = (char*) malloc(100);
if(someString != NULL){
    // do something
}else{
    // handle error condition
}

© Safer Code | “De-Bugging” Code before Check-in

Improper Variable Initialization

Tuesday, January 13th, 2009

Except for a few good C programmers, most tend to ignore variable initialization, or I should rather say “proper variable initialization”. Often the variable declaration itself is not given much thought. Improper local variable initialization might not be good for the working of the program, but improper global variable initialization might get your software or system hacked.

An uninitialized or wrongly initialized variable might cause a program to deviate from its intended flow. For example, if a variable “index” is used for array navigation and is left uninitialized, it might contain a garbage value, which can lead to an array-index-out-of-bounds error. Or, if “index” is wrongly initialized to –1, it might lead to a serious flaw in the code flow. Even initializing an integer to ‘0’ might lead to a security check bypass, because for some programs even ‘0’ is a valid value.

Let’s take an example piece of code.

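int isMachineRunning = GetMachineStatus();
int state = GetUserState(isMachineRunning);
int userid = 0;              /* default value is also the id checked below */
if (state) {
	userid = ExtractUserID(state);
}
/* do stuff */
if (userid == 0) {           /* still 0 when state was 0 and no id was extracted */
	DoAdminThings();
}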
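The snippet above next to one hardened form, as an added example that is not code from the original post. The body of ExtractUserID(), the state encoding, the UID_INVALID sentinel and the sample states are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define ADMIN_UID   0     /* the excerpt's check: userid == 0 unlocks admin */
#define UID_INVALID (-1)  /* assumed sentinel that no real account uses */

/* Hypothetical stand-in for the excerpt's ExtractUserID(): the low 16 bits
 * of a non-zero state carry the user id (constructed encoding). */
static int ExtractUserID(int state) { return state & 0xFFFF; }

/* Pattern from the excerpt: userid defaults to 0, so a failed lookup
 * (state == 0) is indistinguishable from the admin account. */
bool is_admin_vulnerable(int state)
{
    int userid = 0;
    if (state) {
        userid = ExtractUserID(state);
    }
    return userid == ADMIN_UID;
}

/* Hardened: the default is a value that grants nothing, and the admin
 * branch also requires that the lookup actually succeeded. */
bool is_admin_hardened(int state)
{
    int userid = UID_INVALID;
    bool resolved = false;
    if (state) {
        userid = ExtractUserID(state);
        resolved = true;
    }
    return resolved && userid == ADMIN_UID;
}

int main(void)
{
    /* Constructed states: 0 = lookup failed, 0x10000 = admin (uid 0),
     * 0x103E8 = ordinary user (uid 1000). */
    const int states[] = { 0, 0x10000, 0x103E8 };
    for (size_t i = 0; i < sizeof states / sizeof states[0]; i++) {
        printf("state=0x%05X vulnerable=%d hardened=%d\n",
               (unsigned)states[i],
               is_admin_vulnerable(states[i]),
               is_admin_hardened(states[i]));
    }
    return 0;
}
```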


And So It Begins…

Tuesday, October 14th, 2008

Thousands of sites around the interwebs are devoted to programming and producing code. But there is something missing. This “something” is actually the most important piece of the puzzle: how “safe” and “efficient” your code is. There are programmers all over, but only a very small minority worries about finding all the loopholes in their code. In fact, most don’t even know there could be loopholes as they start writing their program (more on this very soon ;) ). And many times, you’d see people creating a jet fighter for something that could be solved with a bicycle (although the pace would be vice-versa).

The problem here is that many things are not taught in schools. The knowledge might be out there on the internet, but it is either fuzzy, not properly explained, or plagued by information overload. You cannot expect yourself (and everyone else around you) to sit in a week-long class and emerge a champion programmer. It has to seep in gradually.

So, this is an attempt to solve the problem. We’ll bring you the concepts to make your code a fortress. We’ll bring them at a gradual pace that gives you time to learn, understand, ask questions and absorb them into your daily routines. The problems and solutions will range from the very basics and trivia to the most advanced. We’ll concentrate mostly on examples in C/C++, with a bit of Java and others interspersed here and there when needed, but most of the concepts could just as well be applied to any language. We’ll not tell you how to program, we assume you already know, but we’ll tell you how to program efficiently and securely.

So, if you are a college goer, or a fresher just into the corporate world, or an experienced professional, we have something for you all, to make you so capable that you can take a running program and re-write it so that it runs for years without crashing, being exploited to death, or taking a ton of memory or cycles.

Enough talking now. As Linus once said, “Talk is cheap. Show me the code.” So, let’s begin…
