Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!
 
  • Post
  • Reply
gibbed
Apr 10, 2006

bmoyles posted:

code:
while(list($key,$val) = each($_POST)) {
        $$key = $val;
}

while(list($key,$val) = each($_GET)) {
        $$key = $val;
}
I see this all the time and it makes my heart sad :(.

* # ¿ Apr 12, 2008 20:30
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ Apr 25, 2024 07:20
  • Quote
gibbed
Apr 10, 2006

Volte posted:

I can't see the code but it's definitely a coding horror.

http://forums.somethingawful.com/showthread.php?threadid=3161210

I just sniffed the packets for this game out of curiosity and it sends raw SQL commands back and forth between client and server, as well as updating the SQL backend every 1 second or so for a heartbeat keepalive type thing. :gonk:
:bravo:

I'm not evil but that's just loving stupid. Punish them for it!

* # ¿ Jul 2, 2009 07:50
  • Quote
gibbed
Apr 10, 2006

Lexical Unit posted:

This code is now my favorite code:
code:
template<class T>
T ByteSwap(T x)
{
	T r;
	int n = sizeof (T);
	if (n > 8)
		std::cerr << "this is probably an error" << std::endl;
	unsigned char* p = (unsigned char*)&x;
	for (int i = 0; i < n; ++i)
		((unsigned char*)&r)[i] = p[n - 1 - i];
	return r;
}

template<class T>
void swap_data(T* data, int n)
{
	int i;
	switch (sizeof (T))
	{
		case 1: break;
		
		case 2:
			for (i = 0; i < n >> 1; i++)
				*(unsigned short*)(data + i) =
					bswap_16 (*(unsigned short*)(data + i));
			break;
			
		case 4:
			for (i = 0; i < n >> 2; i++)
				*(unsigned*)(data + i) =
					 bswap_32 (*(unsigned*)(data + i));
			break;
			
		case 8:
			for (i = 0; i < n >> 3; i++)
				*(unsigned long long*)(data + i) =
					bswap_64 (*(unsigned long long*)(data + i));
			break;
			
		default:
			for (i = 0; i < n / sizeof (T); i++)
				data[i] = ByteSwap (data[i]);
			break;
	}
}
Why is this a horror?

* # ¿ Jul 7, 2009 20:42
  • Quote
gibbed
Apr 10, 2006

Painless posted:

- random, pointless printing to cerr
- creating a T instance makes the byteswap function a lot less generic than it could be
- pointless runtime switching (this will almost certainly get optimized away, though)
This is nitpicking and platform specific, although the cerr thing is stupid, yes. :colbert:

Dijkstracula posted:

To say nothing of that ridiculous switch statement could be removed (edit: or at least simplified) if the author had known about fls()
I would like to see this.

It seemed mostly OK to me, although I wouldn't make it a template.

* # ¿ Jul 8, 2009 01:17
  • Quote
gibbed
Apr 10, 2006

floWenoL posted:

What is fls()?
The fls(), flsl() and flsll() functions find the last bit set in value and return the index of that bit.

* # ¿ Jul 8, 2009 01:44
  • Quote
gibbed
Apr 10, 2006

sex offendin Link posted:

There is no generalized way to byte-swap IEEE 754 numbers anywhere, they are for all intents and purposes non-portable.
And the very few places I've seen that swap floats just swap their bytes as if they were uints.

* # ¿ Jul 8, 2009 03:32
  • Quote
gibbed
Apr 10, 2006

Mustach posted:

!(There's not an operator that does this).
isValid = !checkForInvalid() ? true : false

:smug:

* # ¿ Oct 10, 2009 12:30
  • Quote
gibbed
Apr 10, 2006

king_kilr posted:

Does $ret implicitly get set to "" when something is concatinated to it (and it doesn't already exist).
Yes, but you'll also get a warning (unless you're dumb and have warnings set to something other than E_ALL).

* # ¿ Dec 22, 2009 04:56
  • Quote
gibbed
Apr 10, 2006

 Well there's your problem, you're looking at a reimplementation, probably made from disassembling the original to begin with.

* # ¿ Jul 29, 2010 00:00
  • Quote
gibbed
Apr 10, 2006

dwazegek posted:

code:
public void DoSomething(int parameter1, SomeObject parameter2 = null)
{
  if(parameter2 == null)
    throw new ArgumentNullException("parameter2");

  ...
}
:psyduck:
Why is this a horror?

I'm assuming you mean something besides the argument names.

* # ¿ Oct 7, 2010 14:03
  • Quote
gibbed
Apr 10, 2006

Ugg boots posted:

Hah, that's awesome. Here's a preview of the code from that page :D
I RE'd a little bit of the testalib.exe and it appeared to just be XORing the content with a generated table based on the key (this is just from a quick look though, I could be wrong). So yeah, crappy obfuscation.

* # ¿ Feb 21, 2011 19:14
  • Quote
gibbed
Apr 10, 2006

BonzoESC posted:

That's how AES-CTR and AES-OFB work, except the table is so fantastically large it's impractical to store.
Well yes, but this self-implemented junk is terrible.

* # ¿ Feb 23, 2011 12:29
  • Quote
gibbed
Apr 10, 2006

Broken Knees Club posted:

What are the chances that Reflector is choking on obfuscated code? I have no idea how anyone could ever wrangle such a codebase.
It's not obfuscated.

* # ¿ May 26, 2011 05:30
  • Quote
gibbed
Apr 10, 2006

 That wouldn't influence the obscene classes Terraria has though.

gibbed fucked around with this message at 09:26 on May 26, 2011

* # ¿ May 26, 2011 09:17
  • Quote
gibbed
Apr 10, 2006

ahmini posted:

I saw something like this the other day:

:ohdear:
What's wrong with fall-through? (I'm assuming that wasn't wrapped in a for).

* # ¿ Jun 17, 2011 11:25
  • Quote
gibbed
Apr 10, 2006

Suspicious Dish posted:

I don't understand how register_globals is a security bug at all. It's a terrible idea, sure, but not a security risk. The biggest argument that I've heard is that apparently arguments from $_GET get filled in before arguments from $_POST, so the user can add &admin=1 to the query string to get admin privileges or something. Do people really expect valid and correct information in $_POST or $_COOKIE or any of the other globals? Of course $_POST['admin'] is much more secure!
No, nothing related to the different sources, people are just stupid.

php:
<?php
if (user_authenticated()) {
  $admin 1;
}

if ($admin) {
 ...
}
?>

* # ¿ Mar 5, 2012 07:07
  • Quote
gibbed
Apr 10, 2006

Jonnty posted:

When I was watching, you couldn't actually make out the code. Probably for the best.
Should have switched the Stream to 720p or 1080p. :ssh:

* # ¿ Apr 8, 2012 01:56
  • Quote
gibbed
Apr 10, 2006

trex eaterofcadrs posted:

Jesus Christ I just assumed there was one cause win32 C API has GetPrivateProfileString/Int.
Which are deprecated and are only present for compatibility with 16-bit applications. :science:

.ini format is terrible anyway.

* # ¿ May 1, 2012 04:22
  • Quote
gibbed
Apr 10, 2006

Suspicious Dish posted:

Fun fact: did you know Steam invented their own binary format that emulates the Windows registry for some reason, including the STRING/DWORD/BINARY mess?
Are you talking about VDF? It's not just a binary format if you're talking about that.

Also I don't see how it emulates the Windows registry.

* # ¿ May 1, 2012 04:51
  • Quote
gibbed
Apr 10, 2006

Suspicious Dish posted:

No, I'm talking about the format that ClientRegistry.blob is in. It's a custom binary format, magics 0x5001 (uncompressed) and 0x4301 (zlib compressed). I don't think the format has been written up before. I, along with a few other people, reverse engineered it, so let me write a bit about it.
D'oh. I completely forgot about ClientRegistry.blob, yeah, that's one giant crapshoot.

I deal with it in a passive way (I wrote code for it ages ago, but no longer use that).

Thermopyle posted:

I would love to hear the story from Valve about why the hell they did this.
Valve have never professed to be good at coding things. :v:

* # ¿ May 1, 2012 17:40
  • Quote
gibbed
Apr 10, 2006

Janin posted:

The comments indicate that it takes a long time, potentially over an hour.
The code that runs the test doesn't try to repeatedly call anything and it says my Core2Duo is not buggy in Opera/IE. If this exploit actually does function somehow, time to upgrade. :bang: It screams bullshit though.

* # ¿ Jul 15, 2012 07:37
  • Quote
gibbed
Apr 10, 2006

HappyHippo posted:

Writing a chess program I really wanted to use the unicode chess symbols as enum values, sadly* C# wouldn't allow it (although it will allow them in the comments).

*wisely
Does this count as a valid hack?

You may not be able to directly interact with the unicode symbols, but ToString() doesn't give a poo poo about it. :)

var piece = Chess.Piece.BlackPawn;
var piece = Enum.Parse(typeof(Chess.Piece), "♟");

gibbed fucked around with this message at 13:32 on May 11, 2013

* # ¿ May 11, 2013 13:28
  • Quote
Adbot
ADBOT LOVES YOU

# ¿ Apr 25, 2024 07:20
  • Quote
gibbed
Apr 10, 2006

poopgiggle posted:

I don't think I can post the code but I recently reverse-engineered an encrypted file format where each byte is encrypted by switching the nibbles and XORing with a constant value.

If an algorithm was good enough for Julius Caesar, then by God it's good enough for us!
That sort of thing is painfully common.

* # ¿ Sep 7, 2013 20:15
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Coding Horrors: You can gather all your technical debt into one easy framework!