  Re: Questionable optimizations  
From: Darren New
Date: 19 Jul 2009 17:42:09
Message: <4a639331$1@news.povray.org>
clipka wrote:
> flawed code which I assume would have been discovered earlier in a
> commercial environment 

Interestingly, I can imagine this particular flaw might be easier to find by 
a bad guy in proprietary code. You can look at the machine code to see 
there's no check for NULL in that routine.

If the source code is available, how many people are really going to look at 
the generated machine code to see if security checks were optimized out by 
the compiler?  Obviously someone did, or came across it by accident, or 
something. (I didn't read the original original report.)

Just a thought...

How many routines in Linux look like they check for buffer overrun but don't 
because the compiler did something wrong or unexpected? Of those, how many 
will people notice, compared to the legions of people single-stepping thru 
IE.exe with a debugger looking for flaws? :-)

-- 
   Darren New, San Diego CA, USA (PST)
   "We'd like you to back-port all the changes in 2.0
    back to version 1.0."
   "We've done that already. We call it 2.0."

