How programming in C got me in trouble with the law

I've been programming in C for years, and never experienced troubles
until I started using the new RealC-32, a freeware C compiler from the
same company that makes RealPlayer and Quicktime. That's when the
trouble started. See, RealC-32 is like any other C compiler but with
one notable difference. Any time your code invokes undefined
behavior-- for example by dereferencing an uninitialized pointer--
rather than the usual segmentation fault, instead the program will chug
along as usual, but will silently start launching spam emails and
spyware from the computer.

It was only a matter of time before I accidentally forgot to initialize
a pointer before dereferencing it. Then, sure enough, in place of the
usual segfault, my computer started sending porn to every email account
on the 'net. Hours later, the feds busted down my door and I was
hauled off kicking and screaming.

At my trial I insisted I was not responsible for the spam, that it was
the fault of RealC-32. But a representative from the company pointed
out that they were completely in compliance with the C standard, which
allowed them free rein to do as they pleased with my computer once I
dereferenced that uninitialized pointer. The judge agreed that I was
merely using a RealC-32 extension to simplify the creation of the
spam-sending software, and that I was just as responsible for it as I
would be if I'd explicitly programmed it using, say, gcc. In the end I
was forced to succumb to their logic-- they were, after all, quite
right.

EPILOGUE

Stone McStone continues to serve hard time in a federal "pound me in
the ass" prison. Hopefully he's learned his lesson about dereferencing
uninitialized pointers! RealC-32 has made millions of dollars by
selling adware contracts to small startup businesses. They are
currently negotiating with Diebold Inc. trying to win the contract to
provide the C compiler for Diebold's controversial e-voting machines.

Sep 17 '06 #1
Stone McStone posted:
> It was only a matter of time before I accidentally forgot to initialize
> a pointer before dereferencing it.

I take it you're a novice... ? Truthfully, I can't remember the last time I
used an uninitialised pointer; I know when I was just learning about
pointers, that I made the usual beginner mistake of:

char *p;

p = 5;

, but that was because I lacked an understanding of what a pointer is.

--

Frederick Gotham
Sep 18 '06 #2

Frederick Gotham wrote:
> Stone McStone posted:
>> It was only a matter of time before I accidentally forgot to initialize
>> a pointer before dereferencing it.
>
> I take it you're a novice... ? Truthfully, I can't remember the last time I
> used an uninitialised pointer; I know when I was just learning about
> pointers, that I made the usual beginner mistake of:
>
> char *p;
>
> p = 5;
>
> , but that was because I lacked an understanding of what a pointer is.

Alas, I am indeed a novice. If only I had your genius- dare I say,
your almost DIVINE genius- I would not be held in federal prison
today. There isn't a day that goes by when I don't think about that
dereferenced pointer and all the chaos and destruction it has caused.
Everything... ruined. Darkness. Death comes. All is lost.

Sep 18 '06 #3
Stone McStone posted:
> Alas, I am indeed a novice. If only I had your genius- dare I say,
> your almost DIVINE genius-

I might have above-average intelligence, but I'm no genius.

> I would not be held in federal prison today. There isn't a day that
> goes by when I don't think about that dereferenced pointer and all the
> chaos and destruction it has caused. Everything... ruined. Darkness.
> Death comes. All is lost.

Ah well, either:

(1) Try not to write code whose behaviour is undefined.
(2) Get a compiler which will deal gracefully with your undefined behaviour.

--

Frederick Gotham
Sep 18 '06 #4
st**********@yahoo.com wrote:
> Frederick Gotham wrote:
>> Stone McStone posted:
>>> It was only a matter of time before I accidentally forgot to initialize
>>> a pointer before dereferencing it.
>>
>> I take it you're a novice... ? Truthfully, I can't remember the last time I
>> used an uninitialised pointer; I know when I was just learning about
>> pointers, that I made the usual beginner mistake of:
>>
>> char *p;
>>
>> p = 5;
>>
>> , but that was because I lacked an understanding of what a pointer is.
>
> Alas, I am indeed a novice. If only I had your genius- dare I say,
> your almost DIVINE genius- I would not be held in federal prison
> today. There isn't a day that goes by when I don't think about that
> dereferenced pointer and all the chaos and destruction it has caused.
> Everything... ruined. Darkness. Death comes. All is lost.

My theories in random order:

1) Troll.
2) Someone very bored who decided to post random
stuff on a group.
3) Someone who wants to tarnish the reputation of a
certain company mentioned in the opening post.

Sep 18 '06 #5
Spiros Bousbouras posted:
> My theories in random order:
>
> 1) Troll.
> 2) Someone very bored who decided to post random
> stuff on a group.
> 3) Someone who wants to tarnish the reputation of a
> certain company mentioned in the opening post.

Ah yes, I realise this. I found the original post interesting nonetheless.

--

Frederick Gotham
Sep 18 '06 #6
Frederick Gotham said:
> Stone McStone posted:
>> Alas, I am indeed a novice. If only I had your genius- dare I say,
>> your almost DIVINE genius-
>
> I might have above-average intelligence, but I'm no genius.

Precisely the same description applies to a basset hound.

He's ***sending you up***. Don't you see that? YHBT!

If you're really of above-average intelligence, you'll know when to fold.

--
Richard Heathfield
"Usenet is a strange place" - dmr 29/7/1999
http://www.cpax.org.uk
email: rjh at above domain (but drop the www, obviously)
Sep 18 '06 #7
Richard Heathfield posted:
> Frederick Gotham said:
>> Stone McStone posted:
>>> Alas, I am indeed a novice. If only I had your genius- dare I say,
>>> your almost DIVINE genius-
>>
>> I might have above-average intelligence, but I'm no genius.
>
> Precisely the same description applies to a basset hound.
>
> He's ***sending you up***. Don't you see that? YHBT!
>
> If you're really of above-average intelligence, you'll know when to fold.

I'm aware of the nature of this thread, although I thought it had an
interesting point: Where the Standard specifies that the behaviour is
undefined, the implementation is free to do whatever it likes -- including
running Spyware. ;) The "nose demons" expression has run its course!

--

Frederick Gotham
Sep 18 '06 #8
Frederick Gotham wrote:
> I'm aware of the nature of this thread, although I thought it had an
> interesting point: Where the Standard specifies that the behaviour is
> undefined, the implementation is free to do whatever it likes -- including
> running Spyware. ;)

I think this needs some clarification, in particular the "free
to do" part. As far as being logically consistent with the C
standard goes then it is true that the implementation is free
to run spyware when encountering undefined behaviour and
still conform to the standard. However a person writing a
C compiler operates in the real world so he/she is restricted
by rules in addition to what the C standard specifies. Most
relevant to the spyware possibility are the rules of good behaviour
and the laws of each country.

If I had reason to believe that a compiler might start running
spyware after encountering undefined behaviour I wouldn't
trust the compiler and therefore stop using it not because the
standard was violated (which it wasn't) but because the rules
of good behaviour as I understand them were violated. After
all if someone is perverted enough to create a compiler which
behaves in such a manner then they cannot be trusted even if
they say that their compiler is conforming; it might run spyware
even when the programme does not contain undefined behaviour.

From a practical point of view I think that "undefined behaviour"
will almost always mean one of the following two things:

1) That the compiler will contain no special provisions to deal
with the case so the output will essentially be random. As such
I would expect that the probability of erasing the whole hard disk
is vanishingly small and running spyware practically impossible.
The probability that the compiler has a bug so the behaviour would
be random even when encountering correct code is larger, I think,
than the probability of any of the above two events happening.

2) That the compiler does contain some special provision as
part of a joke. The obvious example is some version of gcc which
ran Towers of Hanoi when encountering the pragma directive (which
was implementation defined rather than undefined).

The reason I wrote all the above is because I feel that when the
subject of undefined behaviour comes up on this group, it is dealt
with in a somewhat idealistic manner i.e. if the behaviour is defined
then you are certain what is going to happen but if it is undefined
then anything goes. My point is that realistically speaking if the
behaviour is defined by the standard you are still not certain because
the compiler might have bugs and if it is undefined it is still the
case that some things which are permitted by the natural laws can not
be expected to happen.

Sep 18 '06 #9
"Spiros Bousbouras" <sp****@gmail.com> writes:
> From a practical point of view I think that "undefined behaviour"
> will almost always mean one of the following two things:
>
> 1) That the compiler will contain no special provisions to deal
> with the case so the output will essentially be random. As such
> I would expect that the probability of erasing the whole hard disk
> is vanishingly small and running spyware practically impossible.
> The probability that the compiler has a bug so the behaviour would
> be random even when encountering correct code is larger, I think,
> than the probability of any of the above two events happening.
>
> 2) That the compiler does contain some special provision as
> part of a joke. The obvious example is some version of gcc which
> ran Towers of Hanoi when encountering the pragma directive (which
> was implementation defined rather than undefined).

(It was nethack, not Towers of Hanoi.)

Undefined behavior isn't random, it's arbitrary. This is an important
distinction; the word "random" has a specific mathematical meaning,
and using it in this context can raise unrealistic expectations.

Even if the behavior in the presence of, say, a buffer overflow is
purely accidental, if there's code on the system that will reformat
your hard drive, it's conceivable that a misbehaving program could
accidentally branch to that code.

But the results of undefined behavior aren't always purely accidental.
Viruses and other malware typically work by *deliberately* exploiting
buffer overflows. And if it were physically possible for a computer
system to make demons fly out of your nose, you can bet that some virus
writer would make it do so.

--
Keith Thompson (The_Other_Keith) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.
Sep 18 '06 #10
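
The distinction drawn in the post above between "random" and "arbitrary", as an added example that is not part of the original thread: a constructed model of stack reuse, written so that every access is defined C, in which a frame read before it is written returns whatever the previous call left there. The arena, the function names and the sample value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a call stack: an arena we own, so every access is
 * defined C. As on a real stack, reserving a frame does not clear it. */
#define ARENA_SIZE 64
static unsigned char arena[ARENA_SIZE];
static size_t top; /* bytes currently reserved */

static unsigned char *frame_push(size_t n) {
    if (n > ARENA_SIZE - top) return NULL; /* arena exhausted */
    unsigned char *p = &arena[top];
    top += n;
    return p;
}
static void frame_pop(size_t n) { top -= n; }

/* An earlier call keeps caller-supplied data in its frame, then returns. */
void earlier_call(uintptr_t value) {
    unsigned char *slot = frame_push(sizeof value);
    if (!slot) return;
    memcpy(slot, &value, sizeof value);
    frame_pop(sizeof value);
}

/* A later call reserves the same bytes and reads before writing: the
 * model's stand-in for using an uninitialised pointer. */
uintptr_t later_call_uninitialised(void) {
    uintptr_t seen = 0;
    unsigned char *slot = frame_push(sizeof seen);
    if (!slot) return 0;
    memcpy(&seen, slot, sizeof seen); /* stale bytes, not random ones */
    frame_pop(sizeof seen);
    return seen;
}

/* Hardened form: clear the frame before anything reads it. */
uintptr_t later_call_initialised(void) {
    uintptr_t seen = 0;
    unsigned char *slot = frame_push(sizeof seen);
    if (!slot) return 0;
    memset(slot, 0, sizeof seen);
    memcpy(&seen, slot, sizeof seen);
    frame_pop(sizeof seen);
    return seen;
}

int main(void) {
    earlier_call((uintptr_t)0xC0FFEE);
    printf("uninitialised: %#lx\n", (unsigned long)later_call_uninitialised());
    printf("initialised:   %#lx\n", (unsigned long)later_call_initialised());
    return 0;
}
```

In a real program the compiler, not this arena, decides what an uninitialised object holds, which is why warnings such as `-Wuninitialized` and sanitizer builds are the practical check.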
