SlideShare une entreprise Scribd logo

What has to be paid attention when reviewing code of the library you develop

Télécharger en tant que PPTX, PDF
Andrey Karpov
Andrey Karpov

Developers of libraries have to be more diligent than «classic» application programmers. Why? You never know where and when the library will be used: Platforms; Compilers; Optimizations; Usage scenarios.

Logiciels
1  sur  55
What has to be paid attention when reviewing code of the library you develop Andrey Karpov CTO, PVS-Studio karpov@viva64.com www.viva64.com
Code we discuss on C++Russia 2
Real code 3
This talk’s motto: let’s make the code better! C++ 4
About me • Karpov Andrey Nikolaevich • On Habr as Andrey2008 habr.com/users/andrey2008/ • CTO in ООО «Program Verification Systems» • Microsoft MVP • Intel Black Belt Software Developer • One of the founders of the PVS-Studio project 5
The main point • Developers of libraries have to be more diligent than «classic» application programmers 6
Why? • You never know where and when the library will be used • Platforms • Compilers • Optimizations • Usage scenarios 7
Goodbye to the problem of 2000 year 8
Say hi to the problem of 2038 year time_t 32-bit type is still used time_t 9
2038 • Especially relevant to: • Embedded systems • libraries • Jonathan Corbet. 2038: only 21 19 years away • https://www.viva64.com/en/b/0505/ 10
#pragma warning(default: NNN) • Incorrect pattern: #pragma warning(disable:12345) ... code ... #pragma warning(default:12345) 11
Let's take the example of C4201 • C4201: unnamed structures or unions. Level 4. • Issued with /Wall. • If you write default, the warning won’t be issued any more, as it’s disabled by default. 12
// d3dtypes.h // Direct3D types include file #pragma warning(disable:4201) // anonymous unions warning // ..... typedef struct _D3DCOLORVALUE { union { D3DVALUE r; D3DVALUE dvR; }; //.... } D3DCOLORVALUE; // .... #pragma warning(default:4201) 13
Correct: push, pop #pragma warning(push) #pragma warning(disable: NNNN) .... // Correct code, for which an NNNN warning is issued.... #pragma warning(pop) 14
#pragma warning(default: NNN) • It is ok in your *.cpp file • Mustn’t be in a header file of a library: • Useful warnings may disappear from the user’s code • Redundant warnings may appear in the user’s code 15
64-bit errors • I’ve had many talks and notes on this topic • Details by these links: • Lessons on development of 64-bit C/C++ applications https://www.viva64.com/en/l/full/ • DevGAMM 2018. Patterns of 64-bit errors in games https://youtu.be/uzmdelgQYuc 16
64-bit errors • Important: what will work for your code, isn’t going to fly for your library void Init(double *array, size_t n) { for (int i = 0; i < n; i++) array[i] = 1.0; } 17
A bit of 64-bit humor • StackOverflow: C and static Code analysis: Is this safer than memcpy? https://stackoverflow.com/questions/55239222/c-and- static-code-analysis-is-this-safer-than-memcpy • The analyzer issues a warning for the memset function; • Let’s «solve the problem» by writing our own copy function! 18
A bit of 64-bit humor void myMemCpy(void *dest, void *src, size_t n) { char *csrc = (char *)src; char *cdest = (char *)dest; for (int i=0; i<n; i++) cdest[i] = csrc[i]; } 19
exit, abort, terminate • One does not simply terminates the application inside the library! 20
malloc, realloc You must check what memory allocation functions returned! 21
Null pointer dereference= UB • You cannot hope that a crash will happen immediately; • You may taint some data, which is handled in parallel threads. void *memset(void *dest, int c, size_t n) { size_t k; if (!n) return dest; dest[0] = dest[n-1] = c; if (n <= 2) return dest; //.... } 22
Who said that a null offset would happen? EFL library static void st_collections_group_parts_part_description_filter_data(void) { //.... filter->data_count++; array = realloc(filter->data, sizeof(Edje_Part_Description_Spec_Filter_Data) * filter->data_count); array[filter->data_count - 1].name = name; array[filter->data_count - 1].value = value; filter->data = array; } 23
Null pointer dereference is a potential vulnerability • A crash with memory shortage is a denial of service; • Such behavior is inexcusable for libraries’ code; • An exception has to be thrown or one has to return the error status. 24
xmalloc for libraries is not a solution • xmalloc terminates the application if memory allocation fails; • It can be called in your own code; • You MUSTN’T call it in the code of libraries. 25
Undefined behavior • Code of libraries has more chances that undefined behavior will show itself • Let’s see an interesting function, which seized working due to «faulty GCC 8.0» https://www.linux.org.ru/forum/development/14422428 26
int foo(const unsigned char *s) { int r = 0; while(*s) { r += ((r * 20891 + *s *200) | *s ^ 4 | *s ^ 3) ^ (r >> 1); s++; } return r & 0x7fffffff; } 27
Dangerous usage of printf char buffer[1001]; int len; while ((len = pBIO_read(bio, buffer, 1000)) > 0) { buffer[len] = 0; fprintf(file, buffer); } 28
Dangerous usage of printf char *p; //.... printf(p); char *p; //.... printf("%s", p); 29
Don’t create macros/functions with names, matching standard ones • The first code example to demonstrate the point, not from a library. static int EatWhitespace (FILE * InFile) { int c; for (c = getc (InFile); isspace (c) && ('n' != c); c = getc (InFile)) ; return (c); } Midnight Commander. Where is the error? 30
You won’t find the error until you look in the header file #ifdef isspace #undef isspace #endif .... #define isspace(c) ((c)==' ' || (c) == 't') 31
What’s wrong with this code? bool set_value_convert(char_t*& dest, uintptr_t& header, uintptr_t header_mask, int value) { char buf[128]; sprintf(buf, "%d", value); return set_value_buffer(dest, header, header_mask, buf); } 32
StarEngine library: definesTypes.h #define sifstream std::ifstream #define sfstream std::fstream #define schar char #define suchar unsigned schar #define sprintf std::printf #define satof atof #define satoi atoi #define sstrlen strlen 33
Uninitialized dataclass CSnpBitAttributes { // .... Uint8 m_BitSet; }; inline CSnpBitAttributes::CSnpBitAttributes( const vector<char>& octet_string) { auto count = sizeof(m_BitSet); auto byte = octet_string.end(); do m_BitSet = (m_BitSet << 8) | *--byte; while (--count > 0); } NCBI Genome Workbench 34
Uninitialized data • When it comes to libraries, it makes sense to be a big nerd and initialize just in case. 35
Gods may do what cattle may not • Remember, that from now on this != nullptr. void CWnd::AttachControlSite(CHandleMap* pMap) { if (this != NULL && m_pCtrlSite == NULL) { //.... } } 36
Fun fact • At the time of C++ 1983 (Cfront) you could do like this: this = p; 37
Make a clear distinction in the interfaces BSTR and wchar_t * • Some people sometimes forget about differences between BSTR and wchar_t *; • Which leads to usage of incorrect types with all the consequences in interfaces. 38
BSTR and wchar_t * • wchar_t * – null-terminated string; • BSTR is a string data type used in COM, Automation and Interop functions; • «Different physical sense», but in terms of C and C++, these are equal types: typedef wchar_t OLECHAR; typedef OLECHAR * BSTR; 39
BSTR • Length prefix (4 bytes); • String of symbols in the Unicode encoding; • Terminal null; • The BSTR type is a pointer, which points at the first symbol of a string, not the length prefix. A B C D 0Length prefix BSTR 40
BSTR • Incorrect: • Correct: BSTR MyBstr = L"I am a happy BSTR"; BSTR MyBstr = SysAllocString(L"I am a happy BSTR"); 41
BSTR • It is incorrect to work with BSTR the same way as with wchar_t *; • Clearly distinguish these types in the interfaces; • Don’t confuse users. BSTR str = foo(); str += 3; // Теперь str это испорченная BSTR строка 42
Be careful with data truncation • Classic ways to lose significant bits: int i = fgetc(stream); char c = i; void *ptr = foo(); int n = (int)ptr; ptr = (void *)n; 43
Truncation of string length std::string str(foo()); short len = str.length(); size_t len = str.length(); std::string::size_type len = str.length(); auto len = str.length(); Gives a way to potential vulnerabilities. It is unforgivable for libraries. 44
Truncation: memcmp (CVE-2012-2122) typedef char my_bool; my_bool check_scramble(const char *scramble_arg, const char *message, const uint8 *hash_stage2) { .... return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); } MySQL 45
Windows encoding CP1251. The letter 'я' has the code 255. 46
Truncation: EOF char c; printf("%s is already in *.base_fs format, just copying ....); rewind(blk_alloc_file); while ((c = fgetc(blk_alloc_file)) != EOF) { fputc(c, base_fs_file); } Android, C 47
More about EOF while (!cin.eof()) cin >> x; while (!cin.eof() && !cin.fail()) cin >> x; while (cin) cin >> x; 48
memset and CWE-14 EAPI Eina_Binbuf *emile_binbuf_decipher(....) { .... unsigned char ik[MAX_KEY_LEN]; unsigned char iv[MAX_IV_LEN]; .... on_error: memset(iv, 0, sizeof (iv)); memset(ik, 0, sizeof (ik)); return NULL; } EFL Core Libraries 49
memset and CWE-14 • Safe Clearing of Private Data • https://www.viva64.com/en/b/0388/ • CWE-14: Compiler Removal of Code to Clear Buffers https://cwe.mitre.org/data/definitions/14.html 50
51
Quick response to vulnerabilities • Many apps depend on one library; • It is reliability, which often wins over, rather than functionality; • Don’t hesitate to charge for this; • Users buy expensive paid libraries for creating PDF, even though there are plenty of free ones; • To save money do things right! 52
Code Review • Error handlers (usually tested badly); • correctness; • no exit, abort and so on. • malloc, realloc; • Names of functions and macros; • Namespace was made up for a reason; • Special attention to UB; • Special attention to truncation of high bits; • Initialization and memory clearing. 53
Recommendations • Much attention to Code Review; • Use static code analyzers; • Google opened a system for creating sandbox-environments for C/C++ libraries: https://security.googleblog.com/2019/03/open-sourcing- sandboxed-api.html 54
Any questions? • Andrey Karpov • CTO, PVS-Studio, www.viva64.com • E-Mail: karpov@viva64.com • Twitter: @Code_Analysis • LinkedIn: andrey-karpov-pvs-studio

Recommandé

C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
Andrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
Andrey Karpov
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating system
Andrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
The CppCat Analyzer Checks TortoiseGit
The CppCat Analyzer Checks TortoiseGitThe CppCat Analyzer Checks TortoiseGit
The CppCat Analyzer Checks TortoiseGit
Andrey Karpov
 
Picking Mushrooms after Cppcheck
Picking Mushrooms after CppcheckPicking Mushrooms after Cppcheck
Picking Mushrooms after Cppcheck
Andrey Karpov
 

Recommandé

C++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical ReviewerC++ Code as Seen by a Hypercritical Reviewer
C++ Code as Seen by a Hypercritical Reviewer
Andrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' MistakesBest Bugs from Games: Fellow Programmers' Mistakes
Best Bugs from Games: Fellow Programmers' Mistakes
Andrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal EngineStatic Code Analysis for Projects, Built on Unreal Engine
Static Code Analysis for Projects, Built on Unreal Engine
Andrey Karpov
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
Andrey Karpov
 
PVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating systemPVS-Studio is ready to improve the code of Tizen operating system
PVS-Studio is ready to improve the code of Tizen operating system
Andrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded SystemsSafety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
Andrey Karpov
 
The CppCat Analyzer Checks TortoiseGit
The CppCat Analyzer Checks TortoiseGitThe CppCat Analyzer Checks TortoiseGit
The CppCat Analyzer Checks TortoiseGit
Andrey Karpov
 
Picking Mushrooms after Cppcheck
Picking Mushrooms after CppcheckPicking Mushrooms after Cppcheck
Picking Mushrooms after Cppcheck
Andrey Karpov
 
Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory Sanitizer
Platonov Sergey
 
200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis Experience200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis Experience
Andrey Karpov
 
Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016
PVS-Studio
 
Антон Бикинеев, Writing good std::future&lt; C++ >
Антон Бикинеев, Writing good std::future&lt; C++ >Антон Бикинеев, Writing good std::future&lt; C++ >
Антон Бикинеев, Writing good std::future&lt; C++ >
Sergey Platonov
 
Checking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-xChecking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-x
Andrey Karpov
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects 100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects
Andrey Karpov
 
С++ without new and delete
С++ without new and deleteС++ without new and delete
С++ without new and delete
Platonov Sergey
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
Cysinfo Cyber Security Community
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемые
Platonov Sergey
 
Handling inline assembly in Clang and LLVM
Handling inline assembly in Clang and LLVMHandling inline assembly in Clang and LLVM
Handling inline assembly in Clang and LLVM
Min-Yih Hsu
 
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implementAlexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
DefconRussia
 
Static Code Analysis and Cppcheck
Static Code Analysis and CppcheckStatic Code Analysis and Cppcheck
Static Code Analysis and Cppcheck
Zachary Blair
 
Analysis of Microsoft Code Contracts
Analysis of Microsoft Code ContractsAnalysis of Microsoft Code Contracts
Analysis of Microsoft Code Contracts
PVS-Studio
 
Checking the Source SDK Project
Checking the Source SDK ProjectChecking the Source SDK Project
Checking the Source SDK Project
Andrey Karpov
 
C++17 now
C++17 nowC++17 now
C++17 now
corehard_by
 
Static Code Analysis and AutoLint
Static Code Analysis and AutoLintStatic Code Analysis and AutoLint
Static Code Analysis and AutoLint
Leander Hasty
 
PVS-Studio features overview (2020)
PVS-Studio features overview (2020)PVS-Studio features overview (2020)
PVS-Studio features overview (2020)
Andrey Karpov
 
Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++
corehard_by
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
Andrey Karpov
 
A Spin-off: CryEngine 3 SDK Checked with CppCat
A Spin-off: CryEngine 3 SDK Checked with CppCatA Spin-off: CryEngine 3 SDK Checked with CppCat
A Spin-off: CryEngine 3 SDK Checked with CppCat
Andrey Karpov
 
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
PVS-Studio
 
A nice 64-bit error in C
A nice 64-bit error in CA nice 64-bit error in C
A nice 64-bit error in C
PVS-Studio
 

Contenu connexe

Tendances

Антон Бикинеев, Writing good std::future&lt; C++ >
Антон Бикинеев, Writing good std::future&lt; C++ >Антон Бикинеев, Writing good std::future&lt; C++ >
Антон Бикинеев, Writing good std::future&lt; C++ >
Sergey Platonov
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемые
Platonov Sergey
 
C++17 now
C++17 nowC++17 now
C++17 now
corehard_by
 
PVS-Studio features overview (2020)
PVS-Studio features overview (2020)PVS-Studio features overview (2020)
PVS-Studio features overview (2020)
Andrey Karpov
 

Tendances (20)

Address/Thread/Memory Sanitizer
Address/Thread/Memory SanitizerAddress/Thread/Memory Sanitizer
Address/Thread/Memory Sanitizer
 
200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis Experience200 Open Source Projects Later: Source Code Static Analysis Experience
200 Open Source Projects Later: Source Code Static Analysis Experience
 
Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016Top 10 bugs in C++ open source projects, checked in 2016
Top 10 bugs in C++ open source projects, checked in 2016
 
Антон Бикинеев, Writing good std::future&lt; C++ >
Антон Бикинеев, Writing good std::future&lt; C++ >Антон Бикинеев, Writing good std::future&lt; C++ >
Антон Бикинеев, Writing good std::future&lt; C++ >
 
Checking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-xChecking the Cross-Platform Framework Cocos2d-x
Checking the Cross-Platform Framework Cocos2d-x
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects 100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects
 
С++ without new and delete
С++ without new and deleteС++ without new and delete
С++ without new and delete
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Конверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемыеКонверсия управляемых языков в неуправляемые
Конверсия управляемых языков в неуправляемые
 
Handling inline assembly in Clang and LLVM
Handling inline assembly in Clang and LLVMHandling inline assembly in Clang and LLVM
Handling inline assembly in Clang and LLVM
 
Alexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implementAlexey Sintsov- SDLC - try me to implement
Alexey Sintsov- SDLC - try me to implement
 
Static Code Analysis and Cppcheck
Static Code Analysis and CppcheckStatic Code Analysis and Cppcheck
Static Code Analysis and Cppcheck
 
Analysis of Microsoft Code Contracts
Analysis of Microsoft Code ContractsAnalysis of Microsoft Code Contracts
Analysis of Microsoft Code Contracts
 
Checking the Source SDK Project
Checking the Source SDK ProjectChecking the Source SDK Project
Checking the Source SDK Project
 
C++17 now
C++17 nowC++17 now
C++17 now
 
Static Code Analysis and AutoLint
Static Code Analysis and AutoLintStatic Code Analysis and AutoLint
Static Code Analysis and AutoLint
 
PVS-Studio features overview (2020)
PVS-Studio features overview (2020)PVS-Studio features overview (2020)
PVS-Studio features overview (2020)
 
Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++Работа с реляционными базами данных в C++
Работа с реляционными базами данных в C++
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
A Spin-off: CryEngine 3 SDK Checked with CppCat
A Spin-off: CryEngine 3 SDK Checked with CppCatA Spin-off: CryEngine 3 SDK Checked with CppCat
A Spin-off: CryEngine 3 SDK Checked with CppCat
 

Similaire à What has to be paid attention when reviewing code of the library you develop

Similaire à What has to be paid attention when reviewing code of the library you develop (20)

Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
Analysis of Haiku Operating System (BeOS Family) by PVS-Studio. Part 2
 
A nice 64-bit error in C
A nice 64-bit error in CA nice 64-bit error in C
A nice 64-bit error in C
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
 
100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects100 bugs in Open Source C/C++ projects
100 bugs in Open Source C/C++ projects
 
Monitoring a program that monitors computer networks
Monitoring a program that monitors computer networksMonitoring a program that monitors computer networks
Monitoring a program that monitors computer networks
 
Patterns of 64-bit errors in games
Patterns of 64-bit errors in gamesPatterns of 64-bit errors in games
Patterns of 64-bit errors in games
 
0100_Embeded_C_CompilationProcess.pdf
0100_Embeded_C_CompilationProcess.pdf0100_Embeded_C_CompilationProcess.pdf
0100_Embeded_C_CompilationProcess.pdf
 
C Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer CentreC Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer Centre
 
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ BuilderA Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
A Check of the Open-Source Project WinSCP Developed in Embarcadero C++ Builder
 
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
App secforum2014 andrivet-cplusplus11-metaprogramming_applied_to_software_obf...
 
Monitoring a program that monitors computer networks
Monitoring a program that monitors computer networksMonitoring a program that monitors computer networks
Monitoring a program that monitors computer networks
 
PVS-Studio and 3DO Emulators
PVS-Studio and 3DO EmulatorsPVS-Studio and 3DO Emulators
PVS-Studio and 3DO Emulators
 
Python Basis Tutorial
Python Basis TutorialPython Basis Tutorial
Python Basis Tutorial
 
SAST and Application Security: how to fight vulnerabilities in the code
SAST and Application Security: how to fight vulnerabilities in the codeSAST and Application Security: how to fight vulnerabilities in the code
SAST and Application Security: how to fight vulnerabilities in the code
 
8871077.ppt
8871077.ppt8871077.ppt
8871077.ppt
 
Modern C++
Modern C++Modern C++
Modern C++
 
Checking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto GameChecking the Open-Source Multi Theft Auto Game
Checking the Open-Source Multi Theft Auto Game
 
Linux Initialization Process (1)
Linux Initialization Process (1)Linux Initialization Process (1)
Linux Initialization Process (1)
 
Interview with Anatoliy Kuznetsov, the author of BitMagic C++ library
Interview with Anatoliy Kuznetsov, the author of BitMagic C++ libraryInterview with Anatoliy Kuznetsov, the author of BitMagic C++ library
Interview with Anatoliy Kuznetsov, the author of BitMagic C++ library
 
Building High Performance Android Applications in Java and C++
Building High Performance Android Applications in Java and C++Building High Performance Android Applications in Java and C++
Building High Performance Android Applications in Java and C++
 

Plus de Andrey Karpov

Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Andrey Karpov
 

Plus de Andrey Karpov (20)

60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста60 антипаттернов для С++ программиста
60 антипаттернов для С++ программиста
 
60 terrible tips for a C++ developer
60 terrible tips for a C++ developer60 terrible tips for a C++ developer
60 terrible tips for a C++ developer
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...Ошибки, которые сложно заметить на code review, но которые находятся статичес...
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
 
PVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error ExamplesPVS-Studio in 2021 - Error Examples
PVS-Studio in 2021 - Error Examples
 
PVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature OverviewPVS-Studio in 2021 - Feature Overview
PVS-Studio in 2021 - Feature Overview
 
PVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибокPVS-Studio в 2021 - Примеры ошибок
PVS-Studio в 2021 - Примеры ошибок
 
PVS-Studio в 2021
PVS-Studio в 2021PVS-Studio в 2021
PVS-Studio в 2021
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
 
Does static analysis need machine learning?
Does static analysis need machine learning?Does static analysis need machine learning?
Does static analysis need machine learning?
 
Typical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and JavaTypical errors in code on the example of C++, C#, and Java
Typical errors in code on the example of C++, C#, and Java
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
 
Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?Game Engine Code Quality: Is Everything Really That Bad?
Game Engine Code Quality: Is Everything Really That Bad?
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source SoftwareThe Use of Static Code Analysis When Teaching or Developing Open-Source Software
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
 
The Great and Mighty C++
The Great and Mighty C++The Great and Mighty C++
The Great and Mighty C++
 
Static code analysis: what? how? why?
Static code analysis: what? how? why?Static code analysis: what? how? why?
Static code analysis: what? how? why?
 
Zero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for youZero, one, two, Freddy's coming for you
Zero, one, two, Freddy's coming for you
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOpsPVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
 
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
 
PVS-Studio in the Clouds: CircleCI
PVS-Studio in the Clouds: CircleCIPVS-Studio in the Clouds: CircleCI
PVS-Studio in the Clouds: CircleCI
 

Dernier

What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
Juha-Pekka Tolvanen
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 

Dernier (20)

What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 

What has to be paid attention when reviewing code of the library you develop

  • 1. What has to be paid attention when reviewing code of the library you develop Andrey Karpov CTO, PVS-Studio karpov@viva64.com www.viva64.com
  • 2. Code we discuss on C++Russia 2
  • 4. This talk’s motto: let’s make the code better! C++ 4
  • 5. About me • Karpov Andrey Nikolaevich • On Habr as Andrey2008 habr.com/users/andrey2008/ • CTO in ООО «Program Verification Systems» • Microsoft MVP • Intel Black Belt Software Developer • One of the founders of the PVS-Studio project 5
  • 6. The main point • Developers of libraries have to be more diligent than «classic» application programmers 6
  • 7. Why? • You never know where and when the library will be used • Platforms • Compilers • Optimizations • Usage scenarios 7
  • 8. Goodbye to the problem of 2000 year 8
  • 9. Say hi to the problem of 2038 year time_t 32-bit type is still used time_t 9
  • 10. 2038 • Especially relevant to: • Embedded systems • libraries • Jonathan Corbet. 2038: only 21 19 years away • https://www.viva64.com/en/b/0505/ 10
  • 11. #pragma warning(default: NNN) • Incorrect pattern: #pragma warning(disable:12345) ... code ... #pragma warning(default:12345) 11
  • 12. Let's take the example of C4201 • C4201: unnamed structures or unions. Level 4. • Issued with /Wall. • If you write default, the warning won’t be issued any more, as it’s disabled by default. 12
  • 13. // d3dtypes.h // Direct3D types include file #pragma warning(disable:4201) // anonymous unions warning // ..... typedef struct _D3DCOLORVALUE { union { D3DVALUE r; D3DVALUE dvR; }; //.... } D3DCOLORVALUE; // .... #pragma warning(default:4201) 13
  • 14. Correct: push, pop #pragma warning(push) #pragma warning(disable: NNNN) .... // Correct code, for which an NNNN warning is issued.... #pragma warning(pop) 14
  • 15. #pragma warning(default: NNN) • It is ok in your *.cpp file • Mustn’t be in a header file of a library: • Useful warnings may disappear from the user’s code • Redundant warnings may appear in the user’s code 15
  • 16. 64-bit errors • I’ve had many talks and notes on this topic • Details by these links: • Lessons on development of 64-bit C/C++ applications https://www.viva64.com/en/l/full/ • DevGAMM 2018. Patterns of 64-bit errors in games https://youtu.be/uzmdelgQYuc 16
  • 17. 64-bit errors • Important: what will work for your code, isn’t going to fly for your library void Init(double *array, size_t n) { for (int i = 0; i < n; i++) array[i] = 1.0; } 17
  • 18. A bit of 64-bit humor • StackOverflow: C and static Code analysis: Is this safer than memcpy? https://stackoverflow.com/questions/55239222/c-and- static-code-analysis-is-this-safer-than-memcpy • The analyzer issues a warning for the memset function; • Let’s «solve the problem» by writing our own copy function! 18
  • 19. A bit of 64-bit humor void myMemCpy(void *dest, void *src, size_t n) { char *csrc = (char *)src; char *cdest = (char *)dest; for (int i=0; i<n; i++) cdest[i] = csrc[i]; } 19
  • 20. exit, abort, terminate • One does not simply terminates the application inside the library! 20
  • 21. malloc, realloc You must check what memory allocation functions returned! 21
  • 22. Null pointer dereference= UB • You cannot hope that a crash will happen immediately; • You may taint some data, which is handled in parallel threads. void *memset(void *dest, int c, size_t n) { size_t k; if (!n) return dest; dest[0] = dest[n-1] = c; if (n <= 2) return dest; //.... } 22
  • 23. Who said that a null offset would happen? EFL library static void st_collections_group_parts_part_description_filter_data(void) { //.... filter->data_count++; array = realloc(filter->data, sizeof(Edje_Part_Description_Spec_Filter_Data) * filter->data_count); array[filter->data_count - 1].name = name; array[filter->data_count - 1].value = value; filter->data = array; } 23
  • 24. Null pointer dereference is a potential vulnerability • A crash with memory shortage is a denial of service; • Such behavior is inexcusable for libraries’ code; • An exception has to be thrown or one has to return the error status. 24
  • 25. xmalloc for libraries is not a solution • xmalloc terminates the application if memory allocation fails; • It can be called in your own code; • You MUSTN’T call it in the code of libraries. 25
  • 26. Undefined behavior • Code of libraries has more chances that undefined behavior will show itself • Let’s see an interesting function, which seized working due to «faulty GCC 8.0» https://www.linux.org.ru/forum/development/14422428 26
  • 27. int foo(const unsigned char *s) { int r = 0; while(*s) { r += ((r * 20891 + *s *200) | *s ^ 4 | *s ^ 3) ^ (r >> 1); s++; } return r & 0x7fffffff; } 27
  • 28. Dangerous usage of printf char buffer[1001]; int len; while ((len = pBIO_read(bio, buffer, 1000)) > 0) { buffer[len] = 0; fprintf(file, buffer); } 28
  • 29. Dangerous usage of printf char *p; //.... printf(p); char *p; //.... printf("%s", p); 29
  • 30. Don’t create macros/functions with names, matching standard ones • The first code example to demonstrate the point, not from a library. static int EatWhitespace (FILE * InFile) { int c; for (c = getc (InFile); isspace (c) && ('n' != c); c = getc (InFile)) ; return (c); } Midnight Commander. Where is the error? 30
  • 31. You won’t find the error until you look in the header file #ifdef isspace #undef isspace #endif .... #define isspace(c) ((c)==' ' || (c) == 't') 31
  • 32. What’s wrong with this code? bool set_value_convert(char_t*& dest, uintptr_t& header, uintptr_t header_mask, int value) { char buf[128]; sprintf(buf, "%d", value); return set_value_buffer(dest, header, header_mask, buf); } 32
  • 33. StarEngine library: definesTypes.h #define sifstream std::ifstream #define sfstream std::fstream #define schar char #define suchar unsigned schar #define sprintf std::printf #define satof atof #define satoi atoi #define sstrlen strlen 33
  • 34. Uninitialized dataclass CSnpBitAttributes { // .... Uint8 m_BitSet; }; inline CSnpBitAttributes::CSnpBitAttributes( const vector<char>& octet_string) { auto count = sizeof(m_BitSet); auto byte = octet_string.end(); do m_BitSet = (m_BitSet << 8) | *--byte; while (--count > 0); } NCBI Genome Workbench 34
  • 35. Uninitialized data • When it comes to libraries, it makes sense to be a big nerd and initialize just in case. 35
  • 36. Gods may do what cattle may not • Remember, that from now on this != nullptr. void CWnd::AttachControlSite(CHandleMap* pMap) { if (this != NULL && m_pCtrlSite == NULL) { //.... } } 36
  • 37. Fun fact • At the time of C++ 1983 (Cfront) you could do like this: this = p; 37
  • 38. Make a clear distinction in the interfaces BSTR and wchar_t * • Some people sometimes forget about differences between BSTR and wchar_t *; • Which leads to usage of incorrect types with all the consequences in interfaces. 38
  • 39. BSTR and wchar_t * • wchar_t * – null-terminated string; • BSTR is a string data type used in COM, Automation and Interop functions; • «Different physical sense», but in terms of C and C++, these are equal types: typedef wchar_t OLECHAR; typedef OLECHAR * BSTR; 39
  • 40. BSTR • Length prefix (4 bytes); • String of symbols in the Unicode encoding; • Terminal null; • The BSTR type is a pointer, which points at the first symbol of a string, not the length prefix. A B C D 0Length prefix BSTR 40
  • 41. BSTR • Incorrect: • Correct: BSTR MyBstr = L"I am a happy BSTR"; BSTR MyBstr = SysAllocString(L"I am a happy BSTR"); 41
  • 42. BSTR • It is incorrect to work with BSTR the same way as with wchar_t *; • Clearly distinguish these types in the interfaces; • Don’t confuse users. BSTR str = foo(); str += 3; // Теперь str это испорченная BSTR строка 42
  • 43. Be careful with data truncation • Classic ways to lose significant bits: int i = fgetc(stream); char c = i; void *ptr = foo(); int n = (int)ptr; ptr = (void *)n; 43
  • 44. Truncation of string length std::string str(foo()); short len = str.length(); size_t len = str.length(); std::string::size_type len = str.length(); auto len = str.length(); Gives a way to potential vulnerabilities. It is unforgivable for libraries. 44
  • 45. Truncation: memcmp (CVE-2012-2122) typedef char my_bool; my_bool check_scramble(const char *scramble_arg, const char *message, const uint8 *hash_stage2) { .... return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); } MySQL 45
  • 46. Windows encoding CP1251. The letter 'я' has the code 255. 46
  • 47. Truncation: EOF char c; printf("%s is already in *.base_fs format, just copying ....); rewind(blk_alloc_file); while ((c = fgetc(blk_alloc_file)) != EOF) { fputc(c, base_fs_file); } Android, C 47
  • 48. More about EOF while (!cin.eof()) cin >> x; while (!cin.eof() && !cin.fail()) cin >> x; while (cin) cin >> x; 48
  • 49. memset and CWE-14 EAPI Eina_Binbuf *emile_binbuf_decipher(....) { .... unsigned char ik[MAX_KEY_LEN]; unsigned char iv[MAX_IV_LEN]; .... on_error: memset(iv, 0, sizeof (iv)); memset(ik, 0, sizeof (ik)); return NULL; } EFL Core Libraries 49
  • 50. memset and CWE-14 • Safe Clearing of Private Data • https://www.viva64.com/en/b/0388/ • CWE-14: Compiler Removal of Code to Clear Buffers https://cwe.mitre.org/data/definitions/14.html 50
  • 51. 51
  • 52. Quick response to vulnerabilities • Many apps depend on one library; • It is reliability, which often wins over, rather than functionality; • Don’t hesitate to charge for this; • Users buy expensive paid libraries for creating PDF, even though there are plenty of free ones; • To save money do things right! 52
  • 53. Code Review • Error handlers (usually tested badly); • correctness; • no exit, abort and so on. • malloc, realloc; • Names of functions and macros; • Namespace was made up for a reason; • Special attention to UB; • Special attention to truncation of high bits; • Initialization and memory clearing. 53
  • 54. Recommendations • Much attention to Code Review; • Use static code analyzers; • Google opened a system for creating sandbox-environments for C/C++ libraries: https://security.googleblog.com/2019/03/open-sourcing- sandboxed-api.html 54
  • 55. Any questions? • Andrey Karpov • CTO, PVS-Studio, www.viva64.com • E-Mail: karpov@viva64.com • Twitter: @Code_Analysis • LinkedIn: andrey-karpov-pvs-studio