by jwise0
4519 days ago
Worse, it is not even a certain check against integer overflow. A particularly large expression could have overflowed substantially enough that it becomes positive again! This, in fact, was the source of a vulnerability in PHP [1]. (The way they 'resolved' it, uh, isn't much better.) There is almost never a magic bullet for integer overflow. Programming secure systems requires thought.

[1] http://use.perl.org/use.perl.org/_Aristotle/journal/33448.ht...
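
An added example, not part of the comment above and not PHP's code: assuming the check under discussion tests a 32-bit product for a negative value after the multiplication, this C program shows one product the sign test catches, one that wraps past the sign bit and is accepted, and a check made before multiplying. The function names and operands are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* After-the-fact test: accept the product unless its sign bit is set.
   The multiply is done in unsigned arithmetic so the wrap modulo 2^32 is
   well defined (signed overflow itself is undefined behaviour in C). */
static int naive_accepts(int32_t a, int32_t b, uint32_t *wrapped)
{
    uint32_t p = (uint32_t)a * (uint32_t)b;
    *wrapped = p;
    return (p & 0x80000000u) == 0;   /* sign bit clear => "looks fine" */
}

/* Check before multiplying: for non-negative operands, a*b fits in
   int32_t iff a == 0 or b <= INT32_MAX / a. Negative operands are
   rejected because they make no sense as a count or size. */
static int checked_mul(int32_t a, int32_t b, int32_t *out)
{
    if (a < 0 || b < 0)
        return 0;
    if (a != 0 && b > INT32_MAX / a)
        return 0;
    *out = a * b;                    /* cannot overflow here */
    return 1;
}

int main(void)
{
    /* Constructed operands: {count, element size}. */
    int32_t cases[3][2] = { {1000, 1000}, {65536, 32768}, {65536, 65537} };

    for (int i = 0; i < 3; i++) {
        int32_t a = cases[i][0], b = cases[i][1], good = 0;
        uint32_t w;
        int naive = naive_accepts(a, b, &w);
        int safe = checked_mul(a, b, &good);
        printf("%d * %d: true=%lld wrapped=%u naive=%s checked=%s\n",
               a, b, (long long)a * b, w,
               naive ? "accept" : "reject", safe ? "accept" : "reject");
    }
    return 0;
}
```

For 65536 * 65537 the true product is 4295032832, the wrapped value is 65536, and the sign test accepts it; the pre-multiplication check rejects it. This covers only a single multiplication of two non-negative values.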