everyone should test their code this way
79,755
Published 2023-10-15
COURSES: Learn to code in C at lowlevel.academy/
NEWSLETTER: Sign up for our newsletter at mailchi.mp/lowlevel/the-low-down
SUPPORT THE CHANNEL: Become a Low Level Associate and support the channel at youtube.com/c/LowLevelLearning/join
Why Are Switch Statements so FAST? • why are switch statements so HECKIN f...
Why Do Header Files Exist? • why do header files even exist?
How Does Return Work? • do you know how "return" works under ...
SOCIALS
Low Level Merch!: lowlevel.store/
Follow me on Twitter: twitter.com/lowleveltweets
Follow me on Twitch: twitch.tv/lowlevellearning
Join me on Discord!: discord.gg/gZhRXDdBYY
All Comments (21)
-
I already yell around 5-10 times a day at my computer
-
"like literally yelling at the code" proceeds not to yell at the code
-
Just for fun though, there's a footgun hidden in the example code, too. As the recv buffer has a hardcoded length limit of 1024 bytes, directly casting the input buffer into a struct that contains a user-controlled length field is not really a good idea. If somehow the codebase got updated in a certain way and the memcpy destination was a heap allocation, it may lead to an information leak. E.g. ask the server to echo a 65535-byte data chunk from a 1024-byte input.
-
Why is fuzzing better than boundary tests?...after watching I withdraw my question.
-
Use -fsanitize=fuzzer,address and you should be able to find another bug in the parse code. If the input is less than the size of the struct you would read outside the memory. Does not always cause crash without address sanitizer. However not a bug in the program due to the receiving buffer size.
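
Added example, not code from the video or from any commenter: a parser that rejects both cases raised in the comments above (input shorter than the header, and a length field larger than what was actually received), with a libFuzzer entry point for the `-fsanitize=fuzzer,address` build. The 4-byte header layout, the function name `parse_echo` and the error codes are assumptions made for illustration.

```c
/* Added example: bounds-checked parser plus libFuzzer harness.
 * Build as a fuzz target: clang -g -fsanitize=fuzzer,address parse.c
 * The wire layout below is an assumption, not the video's struct. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RECV_MAX 1024   /* recv buffer size mentioned in the comments */
#define HDR_LEN  4      /* assumed header: u16 type, u16 length, little-endian */

enum { ERR_SHORT = -1, ERR_LENGTH = -2, ERR_CAPACITY = -3 };

/* Copies the payload of one message into out. Returns the payload size,
 * or a negative error. received is the byte count recv() returned. */
int parse_echo(const uint8_t *buf, size_t received, uint8_t *out, size_t out_cap)
{
    if (received < HDR_LEN)
        return ERR_SHORT;          /* header itself is incomplete */

    /* Decode the field byte by byte instead of casting buf to a struct:
     * no alignment or padding surprises, and no read past received. */
    uint16_t length = (uint16_t)(buf[2] | (buf[3] << 8));

    if (length > received - HDR_LEN)
        return ERR_LENGTH;         /* claims more data than arrived */
    if (length > out_cap)
        return ERR_CAPACITY;       /* would overflow the destination */

    memcpy(out, buf + HDR_LEN, length);
    return (int)length;
}

/* libFuzzer entry point: feeds arbitrary bytes to the parser. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    uint8_t out[RECV_MAX];
    if (size > RECV_MAX)
        size = RECV_MAX;           /* mirror the server's recv() limit */
    parse_echo(data, size, out, sizeof out);
    return 0;
}
```

With both length checks in place, the fuzzer and AddressSanitizer should stay quiet on this function; removing either check gives them something to report.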
-
I love this type of videos where you show a useful tool and an example using this tool, and what's even cooler is the fact that using it you were able to detect a bug that wasn't intentional
-
It would be really funny if he said "there's no more bugs in this code" and libfuzzer just crashed.
-
I already do this every day
-
Satisfied customer here, been doing this for the last 10 years 10/10 - my code has feared me ever since
-
I publish fuzzers. Applied to tech roles for nineteen months without success. Hiring teams are ass.
-
That's why I used to use unsigned everywhere by default, until negative values are explicitly required by design. And yes, using e.g. -1 magic value to represent things like a non-existent index is a bad design. Don't do it.
-
Ah, there's a name for it. I do this regularly the manual way in my own projects, though granted those are all smaller projects where my scope of potential issues is "is there some way a user can force invalid data down this thing's throat". Useful to know if I ever manage to get a real job, lol (being a dev without a college degree is the dark souls of job hunting, I swear)
-
Segmentation fault (Core dumped)
-
Amazing brother, you have the gift of communicating complex concepts in simple terms. Thanks! Glad to find your channel! ;)
-
Well, because I am so good at messing up function calls by using function pointers and structs/unions, I need no help. The code would yell either way nevertheless.
-
I didn't quite catch why 7:45 is an issue. Would anyone mind please clarifying?
-
why did i think we might actually be yelling at code?
-
As always chef's kiss!
-
Interesting, I have no idea this type of testing exists. Thanks man
-
“Port 1337” that took me a second. Very funny