2014 Underhanded C Contest Winners Announced

Posted by timothy on Friday June 5, 2015 @02:56PM from the like-a-tongue-in-a-human-cheek-forever dept.

Rei writes with a bit of news from earlier this week: It's that time of year again — the results of the 2014 Underhanded C Contest have been announced. Techniques used for secretly alerting a user to a NSA request include (among others) misleadingly long loop execution, replacing user #defines with system ones, K&R style function declarations to avoid type checking, and using system #includes to covertly change structure packing. The winning entry exploits a system-provided function that is implemented as a poorly protected macro, tricking it into executing a piece of code given as an argument multiple times.

1 of 27 comments (clear)

Min score:

Reason:

Sort:

Re:Winners of giving away secrets by Anonymous Coward · 2015-06-05 15:37 · Score: 2, Informative

The Underhanded C Contest doesn't use real code. They give you an objective to accomplish using apparently innocuous code. That is, you write a function that looks harmless but does something it shouldn't, is hard to spot, and can be passed off as an honest mistake.
Another year I remember you had to do something that worked on different operating systems but run horribly slow on the competitor's OS (that is, it runs fast on an OS and slow on another)..