Even the giants make mistakes

Summary: Next time you begin to berate yourself for making that awfully stupid coding mistake remember that it happens to the best and biggest of us — and happy sysadmin day.

Next time you begin to berate yourself for making that awfully stupid coding mistake remember that it happens to the best and biggest of us, including Microsoft.

A blog post on Microsoft's Security Development Lifecycle confirmed that the cause of the latest Internet Explorer exploit was a typo.

Here is the offending code:

HRESULT hr;   // declared before its first use
__int64 cbSize;
hr = pStream->Read((void*) &cbSize, sizeof(cbSize), NULL);   // read the byte count from the stream
BYTE *pbArray;
hr = SafeArrayAccessData(psa, reinterpret_cast<void**>(&pbArray));   // pbArray now points at the SAFEARRAY data
hr = pStream->Read((void*)&pbArray, (ULONG)cbSize, NULL);   // the typo: writes cbSize bytes over the pointer variable, not into the array

And where is the typo you ask? It's the stray ampersand in front of pbArray on the final line, which should read:

hr = pStream->Read((void*)pbArray, (ULONG)cbSize, NULL);

Despite all the effort that Microsoft puts into secure and proper code, its code analysis tools failed to detect the issue and the code reached production. The tools have now been updated to catch this problem and the developers will now have to use the new ATL libraries.
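To see what that stray ampersand does in practice, here is an added example (not code from the page or from Microsoft's ATL) that replays the snippet against a hypothetical FakeStream stand-in for IStream::Read; Frame, Outcome, load_array and demo are names assumed for the illustration, and the hardened path also adds a cbSize bounds check that the page itself does not show.

```cpp
#include <cstdint>
#include <cstring>

// Stand-in for the IStream the snippet reads from (hypothetical, not the COM interface):
// Read() copies up to cb bytes from the stream into pv, as the real call does.
struct FakeStream {
    const uint8_t *data; size_t len; size_t pos = 0;
    int Read(void *pv, uint32_t cb, uint32_t *pcbRead) {
        size_t n = cb < len - pos ? cb : len - pos;
        std::memcpy(pv, data + pos, n);
        pos += n;
        if (pcbRead) *pcbRead = (uint32_t)n;
        return 0; // S_OK
    }
};
// Models the stack slot holding pbArray together with the bytes that sit next to it.
struct Frame { uint8_t *pbArray; uint8_t neighbour[16]; };
struct Outcome { bool pointerClobbered, neighbourClobbered, arrayFilled, sizeRejected; };
// Replays the page's sequence: read cbSize, then read cbSize bytes "into the array".
// fixed=false uses the buggy &pbArray; fixed=true uses pbArray and, as an added hardening
// step the page does not show, refuses a cbSize larger than the array can hold.
Outcome load_array(const uint8_t *stream, size_t streamLen, uint8_t *array, size_t arrayCap, bool fixed) {
    FakeStream s{stream, streamLen};
    Frame f{array, {}};
    std::memset(f.neighbour, 0xAA, sizeof f.neighbour);
    Outcome o{};
    int64_t cbSize = 0;
    s.Read((void*)&cbSize, sizeof cbSize, nullptr);
    if (fixed) {
        if (cbSize < 0 || (uint64_t)cbSize > arrayCap) { o.sizeRejected = true; return o; }
        s.Read((void*)f.pbArray, (uint32_t)cbSize, nullptr);   // bytes land in the array
    } else {
        s.Read((void*)&f.pbArray, (uint32_t)cbSize, nullptr);  // bytes land on the pointer variable itself
    }
    o.pointerClobbered = (f.pbArray != array);
    for (uint8_t b : f.neighbour) if (b != 0xAA) o.neighbourClobbered = true;
    o.arrayFilled = (array[0] == 0x41 && array[15] == 0x41);
    return o;
}

// Constructed sample input: an 8-byte cbSize header (claimedSize, little-endian host assumed)
// followed by 16 bytes of 0x41, loaded into a 32-byte array.
Outcome demo(bool fixed, int64_t claimedSize) {
    uint8_t stream[24];
    std::memcpy(stream, &claimedSize, sizeof claimedSize);
    std::memset(stream + 8, 0x41, 16);
    uint8_t array[32] = {};
    return load_array(stream, sizeof stream, array, sizeof array, fixed);
}
```

With the buggy form the stream bytes never reach the array at all: they overwrite the pointer variable and whatever sits beside it on the stack, which is why a stream-supplied cbSize is so dangerous here.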

Now this would typically be the part where certain people start hooting and hollering about Microsoft's lameness and how they are personally the world's greatest coder.

However, I cannot don my asbestos suit for that. Humility precludes me, for I too found a typo in my code from a 2006 article on JavaScript carousels. I have no idea how my clipboard contents, a URL in fact, found their way into the middle of some code, and nothing was mentioned about it.

At least both typo-affected parties have learnt from this experience.

Happy sysadmin appreciation day
Today is also claimed as System Administrator Appreciation Day. The people behind this day say that you should shower your sysadmin in flowers and love for their unappreciated work — that's cool if your local sysadmin is a kind and personable fellow, and really, how many people like that are sysadmins?

If you have a BSMFH, I recommend broadcast pinging on your network all afternoon, endlessly copying many gigabytes of random files, secretly setting up an office MP3 server, and other general nuisances to make your sysadmin stop watching YouTube/reading your email like they do every Friday.

Of course, all these feelings for BSMFHs could be fixed if you would just give us all a bigger monitor and stop taking servers down during business hours.

Topics: Software Development

About

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.
