RE: Update: Web browsers - a mini-farce (MSIE gives in)
From: Tim Newsham (newsham lava.net)
Date: Fri Oct 29 2004 - 14:30:54 CDT
> > From: Tim Newsham [mailto:newsham lava.net]
>
> > But let's assume that a good programmer is writing software and
> > it comes to his attention that there is a buffer overflow, or
> > that user input is not being filtered, or that user input is being
> > passed to a printf type function. What happens next? Well, it
> > depends on how many bugs there are, how much other work needs
> > to be done, and very importantly, what the perceived impact of
> > that bug is. You cannot imagine how many times a bug is pointed
> > out and the author of the software says "ok, that bug can only
> > happen if the user does something stupid, and it is not exploitable.
> > Let's defer that one."
>
> This suggests that it's reasonable for a program to segfault because the
> user made a mistake, instead of having some non-fatal form of error
> handling. I don't think that should be acceptable at all, though I agree
> it's very common. If I had a dollar for every time I've lost work because a
> segfault or GPF happened before I saved my document...
A "defer" means "we'll fix it, but we have more important things to
do first." I wouldn't say it's an acceptance that it's "reasonable"
behavior.
Tim N.