> -----Original Message----- > From: Tim Newsham [mailto:newsham@xxxxxxxx] > But lets assume that a good programmer is writing software and > it comes to his attention that there is a buffer overflow, or > that user input is not being filtered, or that user input is being > passed to a printf type function. What happens next? Well, it > depends on how many bugs there are, how much other work needs > to be done, and very importantly, what the perceived impact of > that bug is. You cannot imagine how many times a bug is pointed > out and the author of the software says "ok, that bug can only > happen if the user does something stupid, and it is not exploitable. > Lets defer that one." This suggests that it's reasonable for a program to segfault because the user made a mistake, instead of having some non-fatal form of error handling. I don't think that should be acceptable at all, though I agree it's very common. If I had a dollar for every time I've lost work because a segfault or GPF happened before I saved my document...
