←back to thread

Remotely Compromising Android and iOS via a bug in Broadcom's WI-FI Chipsets

(blog.exodusintel.com)
387 points pedro84 | 2 comments | 26 Jul 17 19:51 UTC | HN request time: 0.49s | source
Show context
Animats ◴[26 Jul 17 22:28 UTC] No.14860964[source]
C's lack of array size info strikes again:

    memcpy(current_wmm_ie, ie->data, ie->len);
where "ie" points to data obtained from the net.
replies(2): >>14861129 #>>14861284 #
corndoge ◴[26 Jul 17 23:23 UTC] No.14861284[source]
Programmer's mistake for not validating data, not the fault of C language mechanics. Yes it would be easier if <hll features>, still gotta be careful. I've made plenty of these mistakes but never blamed the language.
replies(5): >>14861427 #>>14861944 #>>14861961 #>>14866096 #>>14871609 #
orf ◴[26 Jul 17 23:48 UTC] No.14861427[source]
If a manufacturer makes and sells a gun that keeps going off in people's holsters and shooting people in the foot, the answer is not to say "it's the user's fault for not using it properly. I've shot myself in the foot hundreds of times and I don't blame the manufacturer".

Or something. That analogy sounded better in my head than written down. The point is that IMO the blame lies squarely with the C language: it's a language that's used in a lot of complex parsing code and provides pretty much nothing to help with this, and if anything actually puts roadblocks in the way.

replies(4): >>14861447 #>>14863535 #>>14864749 #>>14872582 #
corndoge ◴[26 Jul 17 23:51 UTC] No.14861447[source]
I shot myself in the foot yet I don't blame the manufacturer for not putting a safety on the gun since I'm the one that bought it with full knowledge of the caveats
replies(4): >>14861489 #>>14861731 #>>14861881 #>>14861917 #
1. teraflop ◴[26 Jul 17 23:58 UTC] No.14861489[source]
If thousands of people were repeatedly making the same mistake, and frequently shooting other innocent bystanders' feet, I would definitely put some blame on the manufacturer.
replies(1): >>14862397 #
2. corndoge ◴[27 Jul 17 03:09 UTC] No.14862397[source]
the parents analogy is quite bad since C doesn't shoot you in the foot unless you pull the trigger

closer to a gun without a safety, which plenty of manufacturers sell