Category Archives: Code Reliability

No Start Menu for You

I tend to launch most programs on my Windows 10 laptop by typing the <Win> key, then a few letters of the program name, and then hitting enter. On my powerful laptop (SSD and 32 GB of RAM) this process … Continue reading

Posted in Code Reliability, Debugging, Investigative Reporting, Performance, Programming, Rants, uiforetw, xperf | 25 Comments

Finding Windows HANDLE leaks, in Chromium and others

Three years ago I found a 32 GB memory leak caused by CcmExec.exe failing to close process handles. That bug is fixed, but ever since then I have had the handles column in Windows Task Manager enabled, just in case … Continue reading

Posted in Bugs, Code Reliability, Investigative Reporting, uiforetw, xperf | 20 Comments

The Easy Ones – Three Bugs Hiding in the Open

I write a lot about investigations into tricky bugs – CPU defects, kernel bugs, transient 4-GB memory allocations – but most bugs are not that esoteric. Sometimes tracking down a bug is as simple as paying attention to server dashboards, … Continue reading

Posted in Bugs, Code analysis, Code Reliability, Debugging, Floating Point, Linux, Performance | 17 Comments

Making Windows Slower Part 2: Process Creation

Windows has long had a reputation for slow file operations and slow process creation. Have you ever wanted to make these operations even slower? This week’s blog post covers a technique you can use to make process creation on Windows … Continue reading

Posted in Code Reliability, Investigative Reporting, Performance, Programming, Quadratic | 7 Comments

A Crash of Great Opportunity

It was a fairly straightforward bug. A wide-character string function was called with a byte count instead of a character count, leading to a buffer overrun. After finding the problem the fix was as simple as changing sizeof to _countof. … Continue reading

Posted in Code analysis, Code Reliability, Programming | 11 Comments

Developers Rejoice Again

Just a few short weeks ago I recommended that all developers running 64-bit Windows 7 (that is, most developers) should install a hot-fix to correct a stack corruption bug that would hit anytime a 32-bit program crashed in the debugger … Continue reading

Posted in Code Reliability, Programming, Visual Studio | 1 Comment

Developers Rejoice–Windows 7 Stack Corruption Fixed!

64-bit Windows 7 SP1 has a stack corruption bug that affects developers. Any developer with an AVX capable processor who is writing 32-bit code on 64-bit Windows 7 SP1 is vulnerable. That sounds like a lot of conditions but I … Continue reading

Posted in Code Reliability, Programming, Visual Studio | 17 Comments

Two Years (and Thousands of Bugs) of Static Analysis

I’ve been running static code analysis on four large code bases for over two years now. After the initial work of looking through all of the warnings and fixing the serious bugs I put the projects into code analysis maintenance … Continue reading

Posted in Code analysis, Code Reliability, Programming, Visual Studio | 22 Comments

VC++ /analyze Bug Finder Bug Fixed

Last October I wrote about a crashing bug in the /analyze feature of Microsoft’s VC++ compiler – a use-after-free in their annotation parser. It’s now fixed.

Posted in Code analysis, Code Reliability, Investigative Reporting, Visual Studio | 4 Comments

Stop using strncpy already!

I keep running into code that uses strcpy, sprintf, strncpy, _snprintf (Microsoft only), wcsncpy, swprintf, and morally equivalent functions. Please stop. There are alternatives which are far safer, and they actually require less typing. The focus of this post is … Continue reading

Posted in Code Reliability, Visual Studio | 79 Comments