- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Admin
This is too easy...
From the requirements page of your software:
This program MUST run on Windows (Vista).
Then enforce it in code.
Admin
When I was younger, my cousin was disgruntled over his sister constantly using his computer (that he paid for) at the insistence of their mother. I wrote a program for him that would sleep in the background for a bit, then randomly (and infinitely) start spawning threads that really, REALLY wanted to know the square root of rand(). It would slow to a crawl, usually right in the middle of her doing something important. The result was that she very quickly declared that his computer was 'a piece of junk' and we got to play Tribes.
Admin
/* gcc -c bleugh.c ; gcc bleugh.o -o bleugh; chmod +x bleugh ; ./bleugh */
#include <stdlib.h> #include <stdio.h>
typedef struct bleugh_s { int used1; int used2; int used3; int used4; } bleugh_t;
void new_bleugh( bleugh_t b ) { b->used1 = 1; / select target variable(s) to screw up */ b->used2 = 2; b->used3 = 3; b->used4 = 4; }
int main (int argc, char *argv[]) { int v1 = 11; int v2 = 22; int v3 = 33; int v4 = 44; bleugh_t *bleugh; int v5 = 55; int v6 = 66; int v7 = 77; int v8 = 88;
printf("A:\t%d\t%d\t%d\t%d\t-\t%d\t%d\t%d\t%d\n", v1,v2,v3,v4, v5,v6,v7,v8 );
set_bleugh( (bleugh_t *)&bleugh );
printf("B:\t%d\t%d\t%d\t%d\t-\t%d\t%d\t%d\t%d\n", v1,v2,v3,v4, v5,v6,v7,v8 );
return 0; }
A: 11 22 33 44 - 55 66 77 88
B: 3 4 33 44 - 55 66 77 88
Oldie but goody. Nice thing is you can arrange to put debug symbols to protect the vars, then on production runs when they disappear...
Admin
Did you ever notice that when a movie contains lots of crude sexual references and bathroom humor -- the sort of thing that appeals to 14 year-old boys -- they label it "for mature audiences". Shouldn't they say "for immature audiences"?
Admin
Buggered it up. set_bleugh() is new_bleugh(), or whatever.
Admin
Maybe
#include <stdlib.h> #define malloc malloc_bomb #define realmalloc malloc static inline void * malloc_bomb(size_t size) { if (size>8) size-=8; return realmalloc(size); }Admin
If recompiling is an option...
Why not recompile a version of PHP's mysql libraries that when mysql_query is ran and it finds a select command, instead of select, one out of 10,000(For really busy systems, might be too low by a few orders of magnitude, let's say, 10,000,000,000 runs), it sends "DROP TABLE $table" instead?
Admin
Find a function, preferably a complex one, that is called from a hundred places. Then make a copy of this function. Give it a name that conveys the same idea as the original but in different words. Like if the original is "calculateSalePrice", call your version "computeSalePrice" or "calculateCustomerPrice". Make a minor change to the copy that will cause it to give incorrect results but not blow up. Then change just one or two of the callers of the original function to use your broken function.
Now the program will give mysteriously inconsistent results. If you picked the callers to change wisely, this can be very cryptic.
This sabotague technique was used throughout many systems that I have worked on. Apparently every company I have ever worked for has lots of malicious disgruntled employees.
Admin
No. realmalloc gets replaced by malloc which in turn gets replaced by malloc_bomb. The correct one (according to ISO C) wouhl have #define at the bottom (after the function).
Admin
(Somebody had to say it.)
Admin
Just have your system redirect any Java building to a Java2K compiler. That way you encapsulate the bomb.
Java2K uses a base 11 for numeric types and methods that return primitives have a 10% chance of returning a random value.
Admin
Or maybe just replace the word SELECT with DELETE (it can be done without copying since both have the same length).
Admin
Tangential, but just wondering ...
If someone is completely happy with his job, do you call him a "gruntled employee"?
Admin
Hey, you guys know size is in bytes, not bits right? Just asking...
Admin
Reading these it occurs to me that this sort of thing is trivially easy to do in C by using #define, but rather difficult to do in Java. There's no easy way to redefine standard functions.
You could, I suppose, make your own version of some common library function with subtle broken behavior, and then put in an import to invoke your version instead of the standard version. I wonder how tough that would be for someone to spot. If you saw mysterious incorrect behavior, would you think to check the imports?
Admin
Yes, of course, and that’s the point. It works perfectly for malloc(sizeof(double)); but fails for malloc(sizeof(some_complex_structure));
Admin
You stole that from one of those quote pages. I actually went to look for it earlier because I wanted to post it myself, but then forgot.
Admin
Admin
Admin
I think that statistic about 5% of users here are women has a 4.9% margin of error... Also, I'm 50 turning 13 and am able to laugh occassionally (yes, at some low-brow jokes too, OMGWTFLOL!), so bugger off you hateful angry wanker.
Oh, and get off my lawn.
Admin
For Ruby code:
class NilClass def nil? rand <= 0.999999 end end
Gives some unexpected results in many applications.
Admin
What, the fact that it's Ruby?
Admin
An unbalanced
dropped in a header somewhere.The exact value doesn't matter, it just has to be different than the default packing on your machine. This appeared as a bug a few years ago, when a packed data structure didn't do a pop at the end, but a second push instead. This didn't cause a problem until application was ported from 32- to 64-bit, at which point the pushed value and the default value changed.
The net result is that compilation units which include this header will pack data structures differently than compilation units which don't. This means that a different, unsuspecting, unpacked structure Foo will be 12 bytes in some compilation units and 16 bytes in others. Trying to operate on the same instance of Foo in two different compilation units will have different results.
Admin
Rename the linker to something different (say, ld to ld_).
Create a script with the same name as the linker that simply passes it's arguments to the renamed linker, then randomly flips one bit in the output executable.
Admin
What kind of girlie stack are you using that it makes sense to allocate an individual double? I thought you were inducing off-by-one-byte errors, which can be quite hard to nail down.
Admin
Admin
For some of these C/C++/C# tricks it might be easier to sneak extra static libs into the linkage step. Just make sure that:
You might be able to do similar things with GAC and dotNET. Just ensure that all developers have the correctly working version in their GAC, while the deployed environments have the unpredictable versions.
P.S. Reminder to self... Review all pedrigees of "3rd" party libraries and GAC in our system(s).
Admin
That thing is actually pretty easy to debug. The first time you dump the assembly code in the debugger, you'll see that something weird is going on.
Admin
In RealBasic:
Function value(Extends dy As Dictionary, key As Variant) As Variant Dim rand As New Random Dim i As Integer = rand.InRange(0, 50) If i = 25 Then Return i Else Return(Dictionary(dy).Value(key)) End If End FunctionThis overrides the Dictionary.Value function of the dictionary class. 2% of the time (1 in 50) this will return a random number, all other times it will work as expected.
The dictionary class in RealBasic is already so prone to raising exceptions that many devs just put them in huge try..finally blocks so even if the data returned is erroneous or of the wrong datatype, no exception will be raised by the code referencing the dictionary.
Admin
This is when you use a binary editor to spray NOPs over the offending assembly code and refuse to pay as a matter of principle.
IT Consultant to Prince (name redacted)
P.S. You could have used an escrot (escargot?) service.
Admin
VB has a couple of subtle ones that can drive you nuts if you don't know them;
and
Given that these are applied at a module level and if you put these at the BOTTOM of a code file... :-)
Admin
That fails the subtlety requirements. Assume somewhere in the codebase, someone wrote a function call in an if statement:
Some compilers may handle that, and there may be a way to make other compilers handle that well, but in Visual Studio, for example, the #define will throw a compilation error.As an aside, does anyone know a way to do something like that with a #define in VS2008?
Admin
#import <objc/runtime.h> id BOMB(id self, SEL sel, ...) { const char *name = object_getClassName(self); if (name[strlen(name)-1] % 2 == 0) object_dispose(self); return nil; } @interface BOMBER {}@end @implementation BOMBER + (void)load { Class cl = objc_getClass("NSObject"); Method me = class_getInstanceMethod(cl, @selector(dealloc)); method_setImplementation(me, &BOMB); } @endImagine trying to debug this kind of memory leak. This won't show up in the Leaks instrument, the static analyzer, and produces no warnings with the default settings. Classes that will leak include NSAutoreleasePool, NSImage, any *Controller class, dictionaries, arrays, strings, data.
Admin
If I found this code in the wild, I'm pretty sure I would hunt down the culprit and skin his family in front of him before gouging out his eyes so it was the last thing he'd ever see.
Admin
So I've heard, but isn't 0 a magic number? If I read "if (x != 0)", I would (wrongly) think that x is an integer. NULL, otoh, is self-documenting regarding its intent.
Admin
Clever error. But depending on the internal procedures at the company
may be a worse condition. (Magic number 8 requires tuning.) The free should be based on the objects theoretical size, not the malloc, resulting in a slow leak. Especially brutal because each component group can blame another, and be convinced that they aren't causing the leak.Admin
And finally, a good one for scientific projects:
Admin
I once spent quite a while trying to debug a problem where it turns out someone had redefined the 64-bit types as 32-bit. The symptom was completely non-obvious.
Admin
How about for a VB console app,
Do Until 5 = 4
Console.Beep()
Loop
Admin
Admin
Admin
Isn't doing stuff like that the only way to make sure you actually get paid in Russia?
Admin
How about some concurrency issues:
Admin
This is a bible for me, every time I think something I find in it is cool I birch myself again.
http://mindprod.com/jgloss/unmain.html
At my last place of work I wrote a bait file. It had a functionality cycle of 5 includes, and it cycled 'printf' to resolve as:
printf scanf (void) printf("Kernel Exception"); <undefined>
I hasten to add it was never my intention to let this go into live code, it was just hidden in the engine tree to check our check-in proceedures. It was saved as a header file so it wouldn't be picked up unless you included it specifically. Then we forgot about it. When we bulked the headers for PCH we dumped every header in the tree, rather than only including headers that had cpps.
oops.
Took a while to (re)find.
Admin
mysql is so unreliable that wouldn't be noticed.
Admin
Admin
You know, I've always wondered why that field was static... Is it because of string interning?
(honest question)
Admin
Generic C-like pseudocode. Desired result: hide from debugger and invalidate cases where truth isn't determined by not being false 1% of the time. #ifndef _DEBUG if(rand(0,99)==42) { #DEFINE TRUE 404 } #endif
CAPTCHA: ingenium
Admin
Spot the evil:
#ifndef _DEBUG class boolean { public: bool value; boolean() : value(false) {} boolean(bool b) : value(b) {} ~boolean(); operator bool() { return value; } boolean operator=(bool b) { value = b; return *this; } boolean operator=(boolean b) { value = b.value; return *this; } }; boolean::~boolean() { while (true) {} } #define bool boolean #endifIt's a doozy.