X
Business
Home Business Developer

Even the giants make mistakes

Next time you begin to berate yourself for making that awfully stupid coding mistake remember that it happens to the best and biggest of us — and happy sysadmin day.
Written by Chris Duckett, Contributor

Next time you begin to berate yourself for making that awfully stupid coding mistake remember that it happens to the best and biggest of us, including Microsoft.

A blog post on Microsoft's Security Development Lifecycle confirmed the cause of the latest exploit in Internet Explorer was due to a typo.

Here is the offending code:

__int64 cbSize;
hr = pStream->Read((void*) &cbSize, sizeof(cbSize), NULL);
BYTE *pbArray;
HRESULT hr = SafeArrayAccessData(psa, reinterpret_cast(&pbArray));
hr = pStream->Read((void*)&pbArray, (ULONG)cbSize, NULL);

And where is the typo you ask? It's on the pbArray's pointer, where the final line should be:

hr = pStream->Read((void*)pbArray, (ULONG)cbSize, NULL);

Despite all the effort that Microsoft puts into secure and proper code, its code analysis tools failed to detect the issue and the code reached production. The tools have now been updated to catch this problem and the developers will now have to use the new ATL libraries.

Now this would typically be the part where certain people start hooting and hollering about Microsoft's lameness and how they are personally the world's greatest coder.

However, I cannot don my asbestos suit for that. Humility precludes me, for I too, found a typo in my code from a 2006 article on JavaScript carousels. I have no idea how my clipboard contents, a URL in fact, found its way into the middle of some code and nothing was mentioned about it.

At least both typo-affected parties have learnt from this experience.

Happy sysadmin appreciation day
Today is also claimed as System Administrator Appreciation Day. The people behind this day say that you should shower your sysadmin in flowers and love for their unappreciated work — that's cool if your local sysadmin is a kind and personable fellow, and really, how many people like that are sysadmins?

If you have a BSMFH, I recommend broadcast pinging on your network all afternoon, endlessly copying many gigabytes of random files, secretly setting up an office MP3 server, and other general nuisances to make your sysadmin stop watching YouTube/reading your email like they do every Friday.

Of course, all these feelings for BSMFHs could be fixed if you would just give us all a bigger monitor and stop taking servers down during business hours.

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now