SEARCH KEYWORD -- bug



  A serious security vulnerability found in MySQL/MariaDB


Recently a serious security vulnerability was found in MySQL/MariaDB. It relates to access to the database. The issue is described below. When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the p...

   MySQL,MariaDB,bug,fix,password,memcmp()     2012-06-11 10:28:09


  Linus Torvalds apologizes for Linux 4.8 kernel bug


On Oct 2, Linus Torvalds proudly announced the release of Linux 4.8. But just days after the release, a bug was found in the kernel and Linus came out and apologized for this bug. I'm really sorry I applied that last series from Andrew just before doing the 4.8 release, because they cause problems, and now it is in 4.8 (and that buggy crap is marked for stable too). In particular, I just got this kernel BUG at ./include/linux/swap.h:276 and the end result was a dea...

   LINUX,LINUX KERNEL,NEWS,LINUS TORVALDS,BUG_ON     2016-10-07 03:46:17


  Latest PHP patch cannot fix the bug


On Wednesday (2012-05-02), a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition. A CERT advisory on the flaw explains: “When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command...

   PHP,bug,patch,bypassed     2012-05-08 11:20:56


  HeartBleed: OpenBSD now starts to clean up OpenSSL


Since the disclosure of the HeartBleed bug in OpenSSL, arguments have emerged about the safety of OpenSSL, the largest open source SSL/TLS library, used by a large number of servers and applications. Some people are even starting to create their own version of the SSL library. This includes OpenBSD, a famous Unix-like open source operating system. Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL, started to clean up the forked branch, and plans to merge it to its own cod...

   HeartBleed,OpenBSD     2014-04-15 04:21:26


  What do programmers like to say usually?


Coding is a very important part of a programmer's daily work. But beyond coding, programmers need to do other work as well: they need to fix bugs reported by users, and they need to write documents for their code. Also, they often need to answer questions from customers, bosses and colleagues. What do they often say when they are facing different sorts of questions? Today we share some. It's done. I just need to clean up a few things. This is hacky, but I'll fix it soon. This can never happen: It's ...

   Programmer,Execuse,Bug     2013-08-07 07:38:30


  Frequently used explanations of programmers


As a programmer, I think many of us have something like the explanations below in our daily work. From these explanations, we may get to know different programmers' characteristics. Below are some things we may say frequently. Don't be too serious about them. It's working on my computer. I never heard about this before. It was working normally yesterday. Ok, this is a bug. How is it possible? This must be the problem of the machine or the environment. Do you update your operating system? Must be the problems of client...

   Explanation,Programmer     2012-04-25 08:07:43


  How to prevent next HeartBleed bug?


How to ensure the security of open source projects is a concern for many open source users, including individual users and companies. But it's not an easy task to ensure the security of open source projects. Because everyone can see the source code, there is a much higher possibility that a bug may be found by someone. Once a bug is disclosed, people may exploit it and do evil things. This may cause loss of money for either individuals or companies, and some of the bugs may even have big impact to the...

   Open source,HeartBleed,Security     2014-04-24 09:07:05


  HeartBleed: Inside the heart, what happens to a normal WEB user?


To be brief, our email, IM, Facebook etc. are at risk, so try to minimize access in these few days. Especially we should try to avoid logging into our internet banking, because we may expose our user ID and password. Also, later, when the service providers fix the bug, we had better change to a new password for all the web accounts that are important to us. Here comes the technical explanation. You might have noticed before that a lot of websites use URLs starting with "https". For example, https:/...

   HeartBleed,Analysis     2014-04-09 22:41:43


  HeartBleed: Should C be blamed for the HeartBleed bug?


There was a discussion about the security of applications written in C on Hacker News recently, after the report of the HeartBleed bug in OpenSSL. In this discussion, some people are saying that applications written in C are unsafe. It seems all or most of the fault should be laid on C. I think this is biased. The language itself should not be blamed. Safety is a relative term for programming languages. No language is absolutely safe. We claim some languages like Java and C# are safer than C/C++ b...

   C,HeartBleed,Analysis,Code review     2014-04-14 03:52:55


  An experience of fixing a memory-corruption bug


During the last 4 months, I was disturbed by a memory-corruption bug, and this bug would cause the program to crash. Last Monday, I finally found the root cause and fixed it. This debugging process was a difficult but memorable experience, so I will share it in this article. My program works as an SMS hub. When it receives an SMS, it will allocate a structure in heap memory like this: typedef struct { ...... int *a[8]; ...... } info; After processing the SMS, the program will free the m...

   c, debug, unix, solaris, multi-thread     2014-05-04 03:52:43