
No regression tests? ಠ_ಠ

It looks like a bad merge in which, if there was a test, it wouldn't have been merged either.

(again). Goto fail comes to mind.

I mean... does every single patch need a regression test? If I did free(p); p[i] = 1; and then I fixed it by doing p[i] = 1; free(p); do I really need a regression test to trigger the dumb use-after-free I'd introduced?

I think the answer to your question is not obvious. Here, it would have prevented Apple's problem. 12 years ago, while working on a military project on Sun, I encountered a similar vulnerability caused by a regression: https://blog.erratasec.com/2007/02/trivial-remote-solaris-0d...

Adding this kind of non-regression test is costly, but it protects against source code management mistakes.

Unless, of course, the code management mistake that removes the patch also removes the regression test!

> I think the answer to your question is not obvious.

You mean the answer could be "yes, every single patch must have a regression test"?
