If you have to leave, I’m begging you please, go all the way to Mexico

For the most part, my job is one of programmer and general systems tinkerer and repairer. I ran across an interesting write up of the latest Internet Explorer fix issued by Microsoft and, I have to say, it’s pretty much the archetype of what programmers like myself deal with every day.

Okay, so if you haven’t heard, Microsoft released a patch for Internet Explorer 8 to fix an exploitable vulnerability. What was the problem with the code? What huge mistake did some unnamed and faceless programmer make in the process of creating the code for Internet Explorer?

He added an extra ampersand. One. A single ‘&’ symbol, and all their code came crashing down. I’ll explain but it’s going to get pretty geeky here in a second.

Here’s the code in question:
hr = pStream->Read((void*)&pbArray, (ULONG)cbSize, NULL);

And here is the resulting code after the fix:
hr = pStream->Read((void*)pbArray, (ULONG)cbSize, NULL);

The extra ‘&’ character – which I’ve highlighted in the first line of vulnerable code – causes the code to write data, of size cbSize, to the address of the pointer to the array, pbArray, rather than into the array itself.

And that pointer is on the stack. Big problem.

This is a stack-based buffer overrun vulnerability, and it is a very big issue. The simple typo introduced the flaw into the MSVidCtl ActiveX control used by Internet Explorer.
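To make the difference between the two call shapes concrete, here is an added C example (not the post’s code and not Microsoft’s). It assumes a stand-in for IStream::Read, called checked_read here, that takes a destination-capacity argument the real COM method does not have; that extra argument is only there so the demo can measure how much room each destination expression actually provides instead of overrunning it. The stream contents are a constructed byte string.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char BYTE;
typedef unsigned long ULONG;

/* Constructed sample data standing in for what the IStream would return. */
static const BYTE sample_stream[] = "constructed sample stream bytes 0123456789abcdef";

/* Stand-in for IStream::Read with a capacity argument bolted on (assumption:
   the real method has no such argument and trusts the caller that pv has
   room for cb bytes, which is exactly the trust the extra '&' violated).
   Returns the number of bytes copied, or -1 if the destination cannot hold
   the request. */
static long checked_read(void *pv, size_t pv_capacity, ULONG cb)
{
    if (cb > pv_capacity)
        return -1;                       /* would overrun the destination */
    if (cb > sizeof sample_stream)
        cb = sizeof sample_stream;       /* stream exhausted: short read   */
    memcpy(pv, sample_stream, cb);
    return (long)cb;
}

/* The vulnerable call shape from the post: the destination expression is
   &pbArray, so the storage being written is the pointer variable itself,
   sizeof(BYTE *) bytes on the stack, no matter how big the heap array is. */
long read_with_extra_ampersand(ULONG cbSize)
{
    BYTE *pbArray = malloc(cbSize);
    if (pbArray == NULL)
        return -1;
    BYTE *saved = pbArray;               /* keep the real address so we can free it */
    long got = checked_read((void *)&pbArray, sizeof pbArray, cbSize);
    free(saved);
    return got;
}

/* Even a request small enough to fit inside the pointer's storage is wrong:
   it overwrites the pointer with stream bytes. Returns 1 if pbArray still
   holds its original value after the call, 0 if it was clobbered. */
int pointer_survives_small_write(ULONG cbSize)
{
    BYTE *pbArray = malloc(cbSize);
    if (pbArray == NULL)
        return -1;
    BYTE *saved = pbArray;
    (void)checked_read((void *)&pbArray, sizeof pbArray, cbSize);
    int survived = (pbArray == saved);
    free(saved);
    return survived;
}

/* The fixed call shape: pbArray is passed as the array, whose capacity is the
   cbSize bytes that were allocated for it. Copies what was read into out. */
long read_fixed(ULONG cbSize, BYTE *out, size_t out_len)
{
    BYTE *pbArray = malloc(cbSize);
    if (pbArray == NULL)
        return -1;
    long got = checked_read((void *)pbArray, cbSize, cbSize);
    if (got > 0 && out != NULL)
        memcpy(out, pbArray, (size_t)got < out_len ? (size_t)got : out_len);
    free(pbArray);
    return got;
}

/* How much room the vulnerable destination expression really has. */
size_t capacity_of_pointer_variable(void)
{
    return sizeof(BYTE *);
}
```

With a 64-byte request, the vulnerable shape offers only sizeof(BYTE *) bytes of destination (8 on a 64-bit build), so checked_read refuses it, while the fixed shape reads all 64 bytes into the array. The small-write case shows why no size check on cbSize alone would have saved the original code: any write through &pbArray lands on the pointer, not in the buffer.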

This sort of thing happens to every programmer. I can’t count the number of times that I’ve gone through a piece of code, line by line by line by line, trying desperately to figure out what the problem is, only to find that the issue was something as small as a decimal point or misplaced bracket.

Welcome to the insane and meticulous world of programming.
