Validating C and C++ for Safety and Security
By Robert C. Seacord, February 01, 2006
Sometimes the only way to track down security flaws such as buffer overflows is to roll up your sleeves and manually review the code. Robert outlines a process for manual review that's based on Safe-Secure C/C++.
February, 2006: Validating C and C++ For Safety and Security
Example 1: hbAssignCodes() function.
void hbAssignCodes(
int *code, unsigned char *length,
int minLen, int maxLen, int alphaSize ) {
int n, vec, i;
vec = 0;
for (n = minLen; n <= maxLen; n++) {
for (i = 0; i < alphaSize; i++)
if (length[i] == n) { code[i] = vec; vec++; };
vec <<= 1;
}
}