Slashdot Mirror


Facebook Awards Researchers $100k For Detecting Emerging Class of C++ Bugs

An anonymous reader writes: Facebook has awarded $100,000 to a team of researchers from Georgia Tech University for their discovery of a new method for identifying "bad-casting" vulnerabilities that affect programs written in C++. "Type casting, which converts one type of an object to another, plays an essential role in enabling polymorphism in C++ because it allows a program to utilize certain general or specific implementations in the class hierarchies. However, if not correctly used, it may return unsafe and incorrectly casted values, leading to so-called bad-casting or type-confusion vulnerabilities," the researchers explained in their paper.


  1. No they haven't by Burdell · · Score: 3, Informative

    They haven't awarded anything to "Georgia Tech University", because there is no such thing. Georgia Tech is an institute; the Georgia Institute Of Technology.

  2. OMFG! by jimpop · · Score: 1, Informative

    1) learn something that older people learned decades ago

    2) write document warning people, who ignored history..., of the dangers!!

    3) profit!

    1. Re:OMFG! by edtice1559 · · Score: 3, Informative

      Fuzzing and grepping are entirely different things. If your original post hadn't gotten modded up, I probably wouldn't even respond. Fuzzing is a mechanism where cleverly malformed data is sent to an application or even a piece of hardware to see how it responds. Things like an invalid message with a proper authentication code. It's a pretty effective form of testing. In this context your comment might as well be. "Testing your software is just a poor man's method of finding errors (the real problem) in some code. Glorified greps." Ideally we aren't writing defects and are bug-free before a testing cycle, but that rarely (if ever) happens. Even if there are no verification defects there may be validation concerns. Both this and fuzzing are *dynamic* tools. Grep is a static tool although I don't know how it could possibly be employed in finding all but the most trivial defects. There are sophisticated static tools out there as well. (See FindBugs for an open source example of one). But these have nothing in common with grep.

  3. Re:Debug runtime typing system by edtice1559 · · Score: 3, Informative

    From the paper: "Runtime type checking by dynamic_cast is an expensive operation (e.g., 90 times slower than static_cast on average). For this reason, many performance critical applications like web browsers, Chrome and Firefox in particular, prohibit dynamic_cast in their code and libraries, and strictly use static_cast." If you can afford to use dynamic_cast in your code then, arguably, you can afford to write in a type-safe language like Java or C#. That's more of a philosophical discussion but the whole point is that if you can turn static_cast to dynamic_cast temporarily for debugging, that's useful. You can probably do that with some creative macro wizardry but this solution appears to be much better as it also includes an improved runtime type system
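
The debugging swap of static_cast for dynamic_cast discussed in the last comment, written out as an added example; it is not code from the paper or from any commenter. `checked_cast`, the `CHECKED_CASTS` switch and the `Node`/`Element`/`Text` classes are hypothetical names constructed for illustration.

```cpp
#include <cstdio>
#include <type_traits>

#ifndef CHECKED_CASTS   // hypothetical build switch: 1 = verify casts, 0 = trust them
#define CHECKED_CASTS 1
#endif

// Constructed hierarchy: two siblings with different layouts under one base.
struct Node    { virtual ~Node() = default; };
struct Element : Node { int attr_count = 3; };
struct Text    : Node { char data[2] = {'h', 'i'}; };

static int g_bad_casts = 0;  // downcasts that failed runtime verification

// Downcast helper. With CHECKED_CASTS=1 the object's dynamic type is verified
// and a mismatch yields nullptr. With CHECKED_CASTS=0 it compiles to a plain
// static_cast, which returns a mistyped pointer on a mismatch (the bad cast).
template <class To, class From>
To* checked_cast(From* p) {
    static_assert(std::is_base_of<From, To>::value, "use for downcasts only");
#if CHECKED_CASTS
    To* q = dynamic_cast<To*>(p);
    if (p != nullptr && q == nullptr) {   // non-null input, wrong dynamic type
        ++g_bad_casts;
        std::fprintf(stderr, "bad cast detected\n");
    }
    return q;
#else
    return static_cast<To*>(p);
#endif
}

int main() {
    Element e;
    Text t;
    Node* a = &e;   // really an Element
    Node* b = &t;   // really a Text

    Element* ok  = checked_cast<Element>(a);
    Element* bad = checked_cast<Element>(b);  // sibling type: rejected when checked

    std::printf("valid cast ok: %d, mismatched cast rejected: %d, bad casts: %d\n",
                ok == &e, bad == nullptr, g_bad_casts);
    return 0;
}
```

Building with `-DCHECKED_CASTS=0` removes the check and its cost, which is the trade-off the quoted passage describes.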