Handmade Network»Forums
117 posts
Code hacker/developer
Code Security Auditing
Edited by Todd on
Do any of you folks who spend most of your time writing code in C or C++ specifically address security vulnerabilities in your code? What I mean by this is, do you actively audit your code, test, and check for buffer overflows, unsanitized user input, and other common security flaws? Does anyone have favorite resources which are essentially a checklist of what to look for? I've found a few myself and I was aware of most of them, but I figure I'd ask here because I know there are quite a few native devs here.

One of the benefits I seem to have discovered of spending most of my time writing native code these days is that most of these security problems are sorta built in to my "peripheral vision" so-to-speak while coding... Like for me, the second I start to write a "string" I'm already thinking about the null terminator... Likewise, when I write a for-loop I am paying close attention to the number of times it will execute vs. the number of times I need it to execute, etc... But I suppose one who is used to higher-level languages and then jumping into C occasionally may be more susceptible to opening up security holes in C.

Simon Anciaux
1108 posts
Code Security Auditing
If you're talking about security as in "if this software isn't secured, important data could be leaked" I don't know.

If you just want to be sure that your software behave as you intended there are a few tools to help but I don't have much experience with them:
- DrMemory
- Valgrind
- Static analyzer
--- Visual Studio: cl file.cpp -analyze
--- Clang: clang file.cpp --analyze
--- CppCheck
--- PVS studio (not free)
- Fuzzing

In handmade hero, Casey has some debug code (disabled most of the time) to check for buffer over/underflow: every allocation allocates an extra page of memory before (for underflow) or after (for overflow), and that page doesn't have write access. So if he was to write to those pages he would get an exception. I believe DrMemory and Valgrind can do that type of check but I'm not sure.
117 posts
Code hacker/developer
Code Security Auditing
Awesome, yes the second part is exactly what I meant. I am using a lot of those types of tools at work. There's some pretty advanced stuff out there like taint propagation tools as well which I love.