It was a fairly straightforward bug. A wide-character string function was called with a byte count instead of a character count, leading to a buffer overrun. After finding the problem the fix was as simple as changing sizeof to _countof. …
Just a few short weeks ago I recommended that all developers running 64-bit Windows 7 (that is, most developers) should install a hot-fix to correct a stack corruption bug that would hit anytime a 32-bit program crashed in the debugger …
64-bit Windows 7 SP1 has a stack corruption bug that affects developers. Any developer with an AVX-capable processor who is writing 32-bit code on 64-bit Windows 7 SP1 is vulnerable. That sounds like a lot of conditions but I …
I’ve been running static code analysis on four large code bases for over two years now. After the initial work of looking through all of the warnings and fixing the serious bugs I put the projects into code analysis maintenance …
Last October I wrote about a crashing bug in the /analyze feature of Microsoft’s VC++ compiler – a use-after-free in their annotation parser. It’s now fixed.
I keep running into code that uses strcpy, sprintf, strncpy, _snprintf (Microsoft only), wcsncpy, swprintf, and morally equivalent functions. Please stop. There are alternatives which are far safer, and they actually require less typing. The focus of this post is …
Last year I reported on a bug in 64-bit Windows 7 SP1’s support for AVX-capable processors. This bug causes stack corruption when a 32-bit program crashes while being debugged in Visual Studio, even if AVX is not used. Microsoft has …