Slashdot Mirror


Facebook Awards Researchers $100k For Detecting Emerging Class of C++ Bugs

An anonymous reader writes: Facebook has awarded $100,000 to a team of researchers from Georgia Tech University for their discovery of a new method for identifying "bad-casting" vulnerabilities that affect programs written in C++. "Type casting, which converts one type of an object to another, plays an essential role in enabling polymorphism in C++ because it allows a program to utilize certain general or specific implementations in the class hierarchies. However, if not correctly used, it may return unsafe and incorrectly casted values, leading to so-called bad-casting or type-confusion vulnerabilities," the researchers explained in their paper.
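
The bad-casting pattern the summary describes, shown as an added example that is not from the original post or from the researchers' paper: an unchecked `static_cast` downcast beside a `dynamic_cast`-checked one. The class hierarchy and function names are hypothetical.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed class hierarchy for illustration (hypothetical names).
struct Element { virtual ~Element() = default; int id = 0; };
struct TextElement : Element { std::size_t length = 0; };
struct ScriptElement : Element { void (*handler)() = nullptr; };

// Bad-casting pattern: static_cast does no runtime check. If `e` really
// points to a TextElement, the returned ScriptElement* refers to an object
// of the wrong type, and any use of it is undefined behavior
// (TextElement data would be read as ScriptElement fields).
ScriptElement* as_script_unchecked(Element* e) {
    return static_cast<ScriptElement*>(e);
}

// Checked form: dynamic_cast consults RTTI and yields nullptr on a mismatch.
ScriptElement* as_script_checked(Element* e) {
    return dynamic_cast<ScriptElement*>(e);
}

// Calls the handler only when `e` is verified to be a ScriptElement.
bool run_handler(Element* e) {
    ScriptElement* s = as_script_checked(e);
    if (s == nullptr || s->handler == nullptr) return false; // wrong type: reject
    s->handler();
    return true;
}

static int calls = 0;
static void on_event() { ++calls; }

int main() {
    TextElement text;            // constructed sample objects
    text.length = 12;
    ScriptElement script;
    script.handler = on_event;
    // The unchecked helper is deliberately never called on `text` here.
    std::printf("text:   %s\n", run_handler(&text) ? "ran" : "rejected");
    std::printf("script: %s\n", run_handler(&script) ? "ran" : "rejected");
    return 0;
}
```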


  1. Gee... by Anonymous Coward · Score: 0, Insightful

    I think that was reported back in ... oh 1973 with the original C compiler.

    Just another reason to avoid C++.

    1. Re:Gee... by Anonymous Coward · Score: 2, Insightful

      Casting is much more common in C++ code. I don't know if that's because of the proliferation of unique types, or because there are more newbie programmers working in C++, but I cringe whenever I look at a large C++ code base.

      Good C code rarely needs casting, if at all. I presume the same is true of C++.

      When I need complex runtime polymorphism, I'll switch to a language that better handles that, like Lua. The nice thing about C is that it interoperates easily with almost all other languages. This is less true with C++ (because of the stricter typing and abuse of overly specialized types; because of ABI issues; because of the way C++ programmers, like Java programmers, rely on mountains of third party libraries, often creating conflicts).

      If you feel the need to cast, you've probably coded yourself into a corner and should think about refactoring.