Category Archives: Code Reliability

A Crash of Great Opportunity

It was a fairly straightforward bug. A wide-character string function was called with a byte count instead of a character count, leading to a buffer overrun. After finding the problem the fix was as simple as changing sizeof to _countof. … Continue reading

Posted in Code analysis, Code Reliability, Programming | Tagged | 12 Comments

Developers Rejoice Again

Just a few short weeks ago I recommended that all developers running 64-bit Windows 7 (that is, most developers) should install a hot-fix to correct a stack corruption bug that would hit anytime a 32-bit program crashed in the debugger … Continue reading

Posted in Code Reliability, Programming, Visual Studio | Tagged , , , , , | 1 Comment

Developers Rejoice–Windows 7 Stack Corruption Fixed!

64-bit Windows 7 SP1 has a stack corruption bug that affects developers. Any developer with an AVX capable processor who is writing 32-bit code on 64-bit Window 7 SP1 is vulnerable. That sounds like a lot of conditions but I … Continue reading

Posted in Code Reliability, Programming, Visual Studio | Tagged , , , , , | 18 Comments

Two Years (and Thousands of Bugs) of Static Analysis

I’ve been running static code analysis on four large code bases for over two years now. After the initial work of looking through all of the warnings and fixing the serious bugs I put the projects into code analysis maintenance … Continue reading

Posted in Code analysis, Code Reliability, Programming, Visual Studio | Tagged , , , | 22 Comments

VC++ /analyze Bug Finder Bug Fixed

Last October I wrote about a crashing bug in the /analyze feature of Microsoft’s VC++ compiler – a use-after-free in their annotation parser. It’s now fixed.

Posted in Code analysis, Code Reliability, Investigative Reporting, Visual Studio | Tagged , , , , | 4 Comments

Stop using strncpy already!

I keep running into code that uses strcpy, sprintf, strncpy, _snprintf (Microsoft only), wcsncpy, swprintf, and morally equivalent functions. Please stop. There are alternatives which are far safer, and they actually require less typing. The focus of this post is … Continue reading

Posted in Code Reliability, Visual Studio | Tagged , , , , | 74 Comments

Should This Windows 7 Bug be Fixed?

Last year I reported on a bug in 64-bit Windows 7 SP1’s support for AVX-capable processors. This bug causes stack corruption when a 32-bit program crashes while being debugged in Visual Studio, even if AVX is not used. Microsoft has … Continue reading

Posted in Code Reliability, Programming, Visual Studio | Tagged , , , , , | 85 Comments