

Quantitative analysis of issues found by afl in mandoc - jorgecastillo
http://undeadly.org/cgi?action=article&sid=20150619071929

======
baby
> abuse of assert() for input validation

Does anyone know what he's talking about?

~~~
KerrickStaley
assert() is a macro that will print an error message and abort the program if
its argument doesn't evaluate to true.

assert() is usually used in debug builds to verify internal invariants of the
code: "if this is false, something has gone horribly, terribly wrong; we've
gone crazy and we should abort to avoid further hurting ourselves or others".
It shouldn't be used to verify that user input is well-formed, since this
happens under normal circumstances.

~~~
RickHull
Furthermore, assert is specifically intended to catch internal logic bugs
which would still be present even after user input validation, i.e. logic bugs
which are invariant upon user input.
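
A C illustration of the distinction the two comments above draw, written for this thread and not taken from mandoc: the first function treats a bound on untrusted input as an assert()ed invariant, the second rejects bad input with an error return and keeps assert() for a condition no input can falsify. The `\N'ddd'`-style digit field, `DIGITS_MAX` and the function names are constructed for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not mandoc's code: copy the digits of a constructed
 * \N'ddd' style escape into a fixed buffer. DIGITS_MAX is assumed. */
#define DIGITS_MAX 4

/* Anti-pattern: assert() used to "validate" attacker-controlled input.
 * With assertions on, a long digit run aborts the process (afl reports
 * the abort as a crash); with -DNDEBUG the check vanishes entirely and
 * memcpy writes past the end of `out`. */
static int take_digits_assert(const char *in, char out[DIGITS_MAX + 1])
{
    size_t n = strspn(in, "0123456789");
    assert(n <= DIGITS_MAX);       /* an input check posing as an invariant */
    memcpy(out, in, n);
    out[n] = '\0';
    return (int)n;
}

/* Correct split: malformed input is an ordinary error return, and assert()
 * guards only a condition that holds for every input that reaches it. */
static int take_digits_checked(const char *in, char out[DIGITS_MAX + 1])
{
    size_t n = strspn(in, "0123456789");
    if (n == 0 || n > DIGITS_MAX || in[n] != '\'')
        return -1;                 /* reject; caller reports a parse error */
    memcpy(out, in, n);
    out[n] = '\0';
    assert(strlen(out) == n);      /* internal invariant, independent of input */
    return (int)n;
}

/* Convenience wrapper: digit count, or -1 when the input is rejected. */
static int digits_or_error(const char *in)
{
    char buf[DIGITS_MAX + 1];
    return take_digits_checked(in, buf);
}

int main(void)
{
    char buf[DIGITS_MAX + 1];      /* constructed sample inputs below */
    printf("assert version on valid input: %d\n", take_digits_assert("42'", buf));
    printf("checked version: %d %d %d %d\n", digits_or_error("42'"),
           digits_or_error("12345'"), digits_or_error("x'"), digits_or_error("7"));
    return 0;
}
```

Compile once with and once with `-DNDEBUG` to see that only the first function changes behaviour between the two builds.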

------
strommen
The 7 most-severe bugs were specifically related to reading/writing the wrong
place in memory. These are impossible bugs to have in managed-memory
environments.

It is absolute madness to use C or C++ in a security-critical system.

~~~
xyzzy123
Except for maybe the kernel, libc, the browser, drivers, widely used server
software, emulator suites, the window system, the office suite you have to
use, the runtime libraries for the high level languages you use, and so on.
</s>

(Hmm, perhaps I'm making your point for you? ...)

One thing I have noticed though is that replacing manual with automatic memory
management often doesn't help as much as one might think. The bugs just tend
to shift to other areas (e.g. memory corruption -> command execution, XSS or
XXE etc).

I think this is because with a more forgiving language, developers tend to
naturally create more complex systems. Like how car drivers go faster when
they feel safer in their car.

