> It's a word, a short statement or phrase which you learn.
Can you make a good one?
> Man, I wish I could recommend an answer. You're not gonna remember something, because, obviously, pi's so big. Actually, let's forget pi. There's only one way: Googling for it.
If you are familiar with that paper, I'm a little confused by the results section. If I'm reading p01 from figure 7 correctly, the "before" is x&(x-1) and the "after" is a single instruction x&(x<<1). What am I doing wrong?
(The other two wins listed are "recognize the Hacker's Delight trick and replace it with the straight-forward implementation a human would write", which I like.)
The type looks a little insane, but it's just a combination of three mundane hacks that also exist in other languages.
The first: If you need a serializer/deserializer in a simple language like old-school Java, you can either write two methods for each class, or you can combine them into one method like this:
class HoveringSkull inmplements Streamable {
String desc;
float height;
void stream(Stream c) {
desc = c.stream(desc);
height = c.stream(height);
}
... and have two different implementations of Streamable. That's what the choice of (pro-)functor instance does -- you can swap out the implementation to get 'read' and 'write' (and 'deepClone' and 'equals' and 'hashCode' and 'defaultGui' and 'treeMatch' and ...)
Before you start rearchitecting your app, be sure to check if the only reason you're seeing preflights on GET is that someone added a dumb X-Requested-By header.
(You can even do POSTs without preflight if you use a whitelisted content-type.)
That's code copied from the linked gist. But, it omits some key lines in the middle, and does not actually overflow:
DWORD required_length;
auto rc = RegQueryValueExW(key, version, NULL, NULL, NULL, &required_length);
if (rc != 0) return NULL;
DWORD length = required_length + 2; // The +2 is for the maybe optional zero later on. Probably we are over-allocating.
wchar_t *value = (wchar_t *)malloc(length);
if (!value) return NULL;
rc = RegQueryValueExW(key, version, NULL, NULL, (LPBYTE)value, &length); // We know that version is zero-terminated...
if (rc != 0) return NULL;
// The documentation says that if the string for some reason was not stored
// with zero-termination, we need to manually terminate it. Sigh!!
if (value[length]) {
value[length+1] = 0;
}
`length` starts at 2 greater than naively needed, then is updated to the real value (again, always 2 less I guess).
That only works if someone does not race and modify the content of that registry key between the two function calls. And that, my friend, is how buffer overflow exploits are born.
Don't poke beyond your end. Don't poke using a value that was returned by a function you don't control. The code shown does both. Such quality, it Jonathan Blow.
Yeah, this function has a few surprising bits of sloppyness ... but:
> NOTE(Kalinovcic): I have translated the original implementation to C
Another point, this is a build-time tool: some assumptions of good-faith input are reasonable and necessary. If an attacker can modify paths to visual studio components in your registry, you have bigger problems (just running the attacker's code directly regardless of safe string handling).
hah, more than 1 byte for sure, I missed that detail ...
EDIT: I develop on unix systems, not windows, so I'm rusty here ... looking up RegQueryValueExW() the `length` ("lpcbData") is in bytes so everything goes fine until `value[length]` which is indexing by wchar_t (16-bit on windows I guess, 32-bit on linux systems) so it's double the byte offset intended, that's way out.
A pointer to a variable that specifies the size of the buffer pointed to by the lpData parameter, in bytes. When the function returns, this variable contains the size of the data copied to lpData.
In other words, it's rewritten to be the actual length before it's incremented for null termination.
`RegQueryValueExW`'s last parameter is in and out, so that `length` is set to the actual written length after the call.
It might cause an OOB write though, with a data race on the registry key (if the key's value happens to grow in length by a char or two between the calls, time of check time of use yada yada).
Isn't that how fundraising works? You make people commit to "supporting your cause" with a trivial pledge, so that when you ask for actual money they can't back out without losing face.
"I will maybe log off at some point" sounds like maybe too weak a pledge to me, but I'm sure they've focus grouped the shit out this.
"You can't compress noise." Well, humans can't tell the difference between two snippets of white noise.
It'll be fun. Remember jbig? (can't find the source, but iirc "most of what we're sending is text, so our fax can detect identical characters and reuse them! genius! [ten years and several bonuses later] um boss, our fax swapped a few ... 'identical' ... digits in someone's legal documents, so you have to appear in court now. also their entire scanned document archive is potentially corrupted and they may want damages")
I guess the 'no photos on the internet' people will have the last laugh; they won't be the ones seen criming in the background of someone else's blurry holiday photo.
> "You can't compress noise." Well, humans can't tell the difference between two snippets of white noise.
new codecs (decoders?) have something called Film Grain Synthesis. i think you have to encode the content before this is applied at the source?
i'm not sure this actually madebit into the AV1 standard or encoders yet.
tried encoding Hurt Locker a few years ago and the film grain added to it really put the hurt on x264/handbrake. the final file size was nearly as big as the original content. back then the same amount of cpu burning could have probably found a full btc :D
Yes, that's the point. If you need to parse a JPEG, you spawn a VM to do so. It is allowed to use n seconds of CPU, k bytes of memory, and send a bitmap back to the caller.
(Sure, you could screw it up if the caller accepts a negative-size bitmap and corrupts its heap. Lets assume that process is written in a memory-safe language.)
> It's a word, a short statement or phrase which you learn.
Can you make a good one?
> Man, I wish I could recommend an answer. You're not gonna remember something, because, obviously, pi's so big. Actually, let's forget pi. There's only one way: Googling for it.
(count the letters)