integer overflow in xemacs
Nico Golde
nico at ngolde.de
Wed Jan 23 18:20:36 EST 2008
Hi Stephen,
* Stephen J. Turnbull <stephen at xemacs.org> [2008-01-23 23:05]:
> Nico Golde writes:
> > WTF? True if you read word by word you could get the impression
> > that [put in range checks for all operations that could overflow]
> > does exactly reflect my opinion. However if you put some more
> > thinking into this you could realize that this was not my point.
>
> No, you said "fix the macro" and "the macro is dangerous", and counted
> the number of occurances. That very strongly implies putting range
> checking into the macro so that it takes place every time.
Ok maybe I should have been a bit more precise, I agree.
[...]
> In general, if you want to have credibility in security, you need to
> choose your words very precisely, and not depend on the listener's
> "common sense" to disambiguate. "Common sense" often doesn't account
> for the corner conditions that lead to your system getting owned.
>
> For example, (format "%30000000d" 1) is not compatible with common
> sense.
>
> And this *does* apply to non-native speakers (as I suspect you are).
I get what you mean. And yes, I am no native speaker.
> Sure, it's hard for them to achieve precision on the first go-round.
> So we iterate, that's not a problem. But the non-native speaker must
> not assume that others can make allowances (other than iterating).
Ok.
> > The point is, its your code, there was a problem with it, I
> > contacted you and you said: NO.
>
> Aidan said "no" (and he was wrong, since it hasn't been fixed in
> 21.4 which is the stable version), but I did not.
Yes true, maybe this is also some reason of the reaction,
you get the whole thing from two different persons with
different content and this annoys you and then..
Cheers and thanks for clarifying the sitatuation.
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://calypso.tux.org/pipermail/xemacs-beta/attachments/20080124/3a323784/attachment.bin
More information about the XEmacs-Beta
mailing list