Re: integer overflow in xemacs
Hi Stephen,
* Stephen J. Turnbull <stephen(a)xemacs.org> [2008-01-23 23:05]:
Nico Golde writes:
> WTF? True if you read word by word you could get the impression
> that [put in range checks for all operations that could overflow]
> does exactly reflect my opinion. However if you put some more
> thinking into this you could realize that this was not my point.
No, you said "fix the macro" and "the macro is dangerous", and
counted
the number of occurances. That very strongly implies putting range
checking into the macro so that it takes place every time.
Ok maybe I should have been a bit more precise, I agree.
[...]
In general, if you want to have credibility in security, you need to
choose your words very precisely, and not depend on the listener's
"common sense" to disambiguate. "Common sense" often doesn't
account
for the corner conditions that lead to your system getting owned.
For example, (format "%30000000d" 1) is not compatible with common
sense.
And this *does* apply to non-native speakers (as I suspect you are).
I get what you mean. And yes, I am no native speaker.
Sure, it's hard for them to achieve precision on the first
go-round.
So we iterate, that's not a problem. But the non-native speaker must
not assume that others can make allowances (other than iterating).
Ok.
> The point is, its your code, there was a problem with it, I
> contacted you and you said: NO.
Aidan said "no" (and he was wrong, since it hasn't been fixed in
21.4 which is the stable version), but I did not.
Yes true, maybe this is also some reason of the reaction,
you get the whole thing from two different persons with
different content and this annoys you and then..
Cheers and thanks for clarifying the sitatuation.
Nico
--
Nico Golde - http://www.ngolde.de - nion(a)jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta
Attachments:
- attachment.sig (application/pgp-signature — 189 bytes)