why you need proofreading

July 31, 2009

I use Firefox. Lots of people do these days. So I didn’t even know that a big security hole had opened up in Internet Explorer last month.

According to CNET, in language you or I can almost understand:

Michael Howard, a security program manager at Microsoft, explained in his blog that the typo corrupted the code of an ActiveX control used by the browser. The control was created by Microsoft using an older library of code, which Howard admitted has flaws. Because of those flaws, the typo caused the code to write untrusted data, exposing the browser to the bad guys.

So they issued an emergency patch last week, and are hoping it will hold the hackers off. But you know what the problem was? It was an &. A piece of code had an ampersand in it that didn’t belong there. Microsoft admitted that the typo would have been hard to spot – code is very hard to read – and is now working on new coding analysis procedures. In the meantime, here it is. Would you have seen it?

HRESULT hr = SafeArrayAccessData(psa, reinterpret_cast(&pbArray));
hr = pStream->Read((void*)&pbArray, (ULONG)cbSize, NULL);

Hmm. I thought not.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: