I am an intermediate C programmer. If you have made any coding mistake that you later came to know was the most hazardous / harmful to the total application, please share.
if (importantvar = importantfunction() == VALID_CODE)
This is when I meant this:
if ((importantvar = importantfunction()) == VALID_CODE)
This led to many hours of debugging troubles when I assumed it worked like the latter.
I take the definition of dangerous as "we may ship with that bug and discover only years later when it's too late":
char* c = malloc(...);
.
.
.
free(c);
.
.
.
c[...] = ...;
or
// char* s is an input string
char* c = malloc(strlen(s));
strcpy(c, s);
But if you write multiplatform (not limited to x86/x64) this is also great:
char* c = ...;
int i = *((int*)c); // <-- alignment fault
And if your buffer comes from an untrusted source... basically most code around is dangerous.
But, anyway, in C it's so easy to shoot yourself in the foot, that a topic about shot feet could go around the thousands of pages.
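The three mistakes in the answer above, each beside a corrected form, as an added example that is not part of the original post; `dup_string`, `read_int_at` and `free_and_clear` are hypothetical helper names.

```c
/* Added example; dup_string, read_int_at, free_and_clear are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size the buffer for the text AND its terminating NUL:
   strlen() does not count the NUL that strcpy() writes. */
char *dup_string(const char *s)
{
    size_t n = s ? strlen(s) + 1 : 0;
    char *c = n ? malloc(n) : NULL;
    if (c != NULL)
        memcpy(c, s, n);             /* exactly n bytes, NUL included */
    return c;
}

/* Read an int at any byte offset. memcpy() has no alignment requirement,
   unlike *(int *)p. Returns 0 on success, -1 if the read would leave buf. */
int read_int_at(const unsigned char *buf, size_t len, size_t off, int *out)
{
    if (buf == NULL || out == NULL || off > len || len - off < sizeof *out)
        return -1;
    memcpy(out, buf + off, sizeof *out);
    return 0;
}

/* Free and clear the caller's pointer so later code can test it for NULL
   instead of silently touching freed memory. */
void free_and_clear(char **p)
{
    if (p != NULL) {
        free(*p);
        *p = NULL;
    }
}

int main(void)
{
    unsigned char buf[8] = {0};      /* constructed sample input */
    int v = 42, out = 0;
    char *c = dup_string("abc");
    memcpy(buf + 1, &v, sizeof v);   /* int stored at an odd offset */
    if (c == NULL || read_int_at(buf, sizeof buf, 1, &out) != 0)
        return 1;
    printf("%s %d\n", c, out);
    free_and_clear(&c);              /* c is NULL from here on */
    return c == NULL ? 0 : 1;
}
```

Building with `-fsanitize=address,undefined` on GCC or Clang reports the original forms of all three bugs at run time.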
One thing to look out for is array bounds. If you go out of bounds, with bad luck you may end up overwriting memory that is used for other data.
One nasty bug related to this was going out of bounds for a static array variable in a function. That ended up as a function changing values of the local variables of the calling function. That wasn't so straightforward to debug.
Using non-limited string functions such as strcpy() or strcmp(), instead of safe versions like strncpy() and strncmp().
This is a famous historical example (not something I did), but
double d; // d gets populated with a large number from somewhere
short s = d ; // overflow
led to the explosion and total loss of an Ariane V rocket.
if(a == true);
{
//Do sth when it is true. But it is always executed.
}
Edit: Another variant of the same mistake.
for(i=0; i<max_iterations;i++);
{
//Do sth but unexpectedly only once
}