Re: Web browser in Ada

[Georg Bauhaus <rm.dash-bauhaus@futureapps.de>]

On 23.04.10 15:56, Maciej Sobczak wrote:

> 
> Could you refer to an existing browser vulnerability that is related
> to the core browser engine and that would be avoided by choosing
> another language?
> (I'm genuinely interested)


Does CSS count? Or image rendering components?
"buffer overflow" + {ie6, mozilla, ...} produce a number of
search results.  Then there is the presence of DEP in recent
MS systems brough to your desktop with IE7 ...

Buffer overflow continues to rank high, e.g. in the 2010 SANS Top 25:
http://cwe.mitre.org/data/definitions/120.html

Integer overflow or wraparound and improper array indexing rank
somewhat lower, but are present, too.

BTW, why do we still subscribe to the notion "integer overflow"
when the one thing that any sequence of what is commonly known
as integers cannot possibly do is to overflow?  Maybe the
wording is at the heart of the problem.

I think it is adequate and pedagogical to call it "int overflow".