Graphics Programs Reference
In-Depth Information
A program can only do what it's programmed to do, to the letter of the law.
Unfortunately, what's written doesn't always coincide with what the program-
mer intended the program to do. This principle can be explained with a joke:
A man is walking through the woods, and he finds a magic lamp on
the ground. Instinctively, he picks the lamp up, rubs the side of it
with his sleeve, and out pops a genie. The genie thanks the man for
freeing him, and offers to grant him three wishes. The man is ecstatic
and knows exactly what he wants.
“First,” says the man, “I want a billion dollars.”
The genie snaps his fingers and a briefcase full of money
materializes out of thin air.
The man is wide eyed in amazement and continues, “Next, I want
a Ferrari.”
The genie snaps his fingers and a Ferrari appears from a puff
of smoke.
The man continues, “Finally, I want to be irresistible to women.”
The genie snaps his fingers and the man turns into a box
of chocolates.
Just as the man's final wish was granted based on what he said, rather
than what he was thinking, a program will follow its instructions exactly, and
the results aren't always what the programmer intended. Sometimes the
repercussions can be catastrophic.
Programmers are human, and sometimes what they write isn't exactly
what they mean. For example, one common programming error is called an
off-by-one
error. As the name implies, it's an error where the programmer has
miscounted by one. This happens more often than you might think, and it is
best illustrated with a question: If you're building a 100-foot fence, with fence
posts spaced 10 feet apart, how many fence posts do you need? The obvious
answer is 10 fence posts, but this is incorrect, since you actually need 11. This
type of off-by-one error is commonly called a
fencepost error
, and it occurs when a
programmer mistakenly counts items instead of spaces between items, or
vice versa. Another example is when a programmer is trying to select a range of
numbers or items for processing, such as items
N
through
M
. If
N = 5
and
M = 17
,
how many items are there to process? The obvious answer is
M - N
, or
17 - 5 = 12
items. But this is incorrect, since there are actually
M - N + 1
items, for a total
of
13
items. This may seem counterintuitive at first glance, because it is, and
that's exactly why these errors happen.
Often, fencepost errors go unnoticed because programs aren't tested for
every single possibility, and the effects of a fencepost error don't generally
occur during normal program execution. However, when the program is fed
the input that makes the effects of the error manifest, the consequences of the
error can have an avalanche effect on the rest of the program logic. When
properly exploited, an off-by-one error can cause a seemingly secure program
to become a security vulnerability.
One classic example of this is OpenSSH, which is meant to be a secure
terminal communication program suite, designed to replace insecure and
