Thread: Did microsoft have a problem with input bounds?

  1. #1
    Registered User
    Join Date
    Mar 2019
    Posts
    50

    Did microsoft have a problem with input bounds?

    Iím currently reading C for dummies to get an in-depth look at some of the harder part of C for me to understand (pointers, loops, etc.). In it, author Dan Gookin writes, ďMost of the problems Microsoft has had with critical or fatal errors in its software are caused by a lack of this type of bounds checkĒ. Can anybody name some examples for me. Iím just trying to understand some of the effect of not checking your input bounds, both for future reference; but also out of curiosity. Input bounds seem like such a basic concept. Iím just wondering how not only the programmers, but the software engineers, and the testers would miss something like this.

  2. #2
    TEIAM - problem solved
    Join Date
    Apr 2012
    Location
    Melbourne Australia
    Posts
    1,859
    Have a look into why the function "gets()" is harmful and the Morris Internet worm

    Morris Internet Worm

  3. #3
    Registered User rstanley's Avatar
    Join Date
    Jun 2014
    Location
    New York, NY
    Posts
    689
    Out of bounds writes to heap memory can case heap corruption as well.

    Mickey$oft programmers are to lazy to put simple checks to prevent out-of-bounds access! ;^)

    They are too interested in pushing the code out the door, and never go back and add the checks!

    On Linux, there is a great tool, Valgrind, that doesn't require any changes to the code to detect these kinds of bugs!

    Mickey$oft wishes it had such a tool! ;^)

  4. #4
    Registered User
    Join Date
    Mar 2019
    Posts
    50
    ok ok, no ugliness now lol. That’s very interesting though, i personally only use windows for gaming, and don’t have a computer right now at all. However, on a side note, I have been looking into WINE and such for linux gaming. Back to the point though, what you said sounds very true. I just can’t belive something so simple could get through so many layers of software design. But... maybe that’s one of the issues as well as rushing, compartmentalizations of coders, engineers, and testers; and the lack of communication between them. And to the original reply, I saw that, C for dummies put that in one of the first chapters and I did some research on it, seems the gets function has a problem with the keyboard buffer if i remember correctly. It allows you to enter more characters than specified for strings. I saw that and immediately started changing out the practice programs gets with scanf, just so i wouldn’t get in the habit of using it. Never really put the two together but that would definitely be an input bounds problem. Just wondering though, would this maybe have been the problem with things like windows vista, or early msdos based windows versions that were so buggy?

  5. #5
    Registered User rstanley's Avatar
    Join Date
    Jun 2014
    Location
    New York, NY
    Posts
    689
    For the record, gets() has been depreciated in the ISO C99 C Standard, and has been removed completely from C11 Standard. fgets() is recommended for imputing Stings in C. You will need to deal with the trailing '\n' newline char at the end of the String.

    scanf() does not handle inputting strings with spaces without extra work.

    Mickey$oft's problems extend way beyond the possible use of gets()! There are too many ways out-of-bounds errors can occur, on the stack, on the heap, static data, etc... without proper bounds checking code.

  6. #6
    Registered User
    Join Date
    Mar 2019
    Posts
    50
    Quote Originally Posted by rstanley View Post
    For the record, gets() has been depreciated in the ISO C99 C Standard, and has been removed completely from C11 Standard. fgets() is recommended for imputing Stings in C. You will need to deal with the trailing '\n' newline char at the end of the String.

    scanf() does not handle inputting strings with spaces without extra work.

    Mickey$oft's problems extend way beyond the possible use of gets()! There are too many ways out-of-bounds errors can occur, on the stack, on the heap, static data, etc... without proper bounds checking code.
    oh yes i know about scanf not working for spacebar input. I assumed gets would have been seriously discouraged at least now days since this book advises against it in writing real programming, and the copyright is 2004. didn’t know about fgets though, thanks that’s a lot easier. By the way, I wasn’t saying microsoft’s big problem was just gets, I was saying in all the different ways that they forgot to check input bounds, as you alluded to and exampled.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. user input bounds not working
    By intex in forum C Programming
    Replies: 2
    Last Post: 11-24-2012, 08:06 PM
  2. Address out of bounds problem
    By raczzoli in forum C Programming
    Replies: 6
    Last Post: 06-16-2012, 03:01 PM
  3. Replies: 17
    Last Post: 09-25-2011, 06:49 AM
  4. Going beyond bounds problem
    By swgh in forum C++ Programming
    Replies: 4
    Last Post: 01-03-2009, 10:41 AM
  5. out of bounds problem
    By chris285 in forum Game Programming
    Replies: 1
    Last Post: 04-26-2005, 09:00 AM

Tags for this Thread